Vulnerabilities > Cisco > Cloud WEB Security

DATE CVE VULNERABILITY TITLE RISK
2020-02-19 CVE-2020-3154 SQL Injection vulnerability in Cisco Cloud web Security 5.2(0)
A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could allow an authenticated, remote attacker to execute arbitrary SQL queries.
network
low complexity
cisco CWE-89
4.0
4.0
2017-09-19 CVE-2015-0689 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Cloud web Security
Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743.
network
low complexity
cisco CWE-119
5.0
5.0
2017-07-25 CVE-2015-0674 Cross-site Scripting vulnerability in Cisco Cloud web Security
Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
network
cisco CWE-79
4.3
4.3