Vulnerabilities > Cisco > Content Security Management Appliance > 9.1.0.103
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-06 | CVE-2021-1447 | Improper Privilege Management vulnerability in Cisco Content Security Management Appliance A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. | 6.7 |
| 2020-09-23 | CVE-2020-3117 | Unspecified vulnerability in Cisco products A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. network cisco | 4.3 |
| 2020-08-17 | CVE-2020-3447 | Information Exposure Through Log Files vulnerability in Cisco products A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. | 6.5 |
| 2020-05-06 | CVE-2020-3178 | Open Redirect vulnerability in Cisco Content Security Management Appliance Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. | 5.8 |
| 2020-03-04 | CVE-2020-3164 | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. | 5.0 |
| 2019-09-05 | CVE-2019-12635 | Improper Authorization vulnerability in Cisco Content Security Management Appliance A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. | 4.0 |
| 2016-12-14 | CVE-2016-1411 | Cryptographic Issues vulnerability in Cisco products A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. | 4.3 |
| 2016-10-05 | CVE-2016-6416 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065. | 4.3 |
| 2015-08-19 | CVE-2015-4322 | Permissions, Privileges, and Access Controls vulnerability in Cisco Content Security Management Appliance 8.3.6039/9.1.0103/9.1.031 Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894. | 5.5 |