Vulnerabilities > Cisco > Content Security Management Appliance > 9.6.6.068
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-06 | CVE-2021-1447 | Unspecified vulnerability in Cisco Content Security Management Appliance A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. | 6.7 |
| 2020-09-23 | CVE-2020-3117 | Unspecified vulnerability in Cisco products A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. | 4.7 |
| 2020-08-17 | CVE-2020-3447 | Information Exposure Through Log Files vulnerability in Cisco products A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. | 6.5 |
| 2020-05-06 | CVE-2020-3178 | Open Redirect vulnerability in Cisco Content Security Management Appliance Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. | 6.1 |
| 2020-03-04 | CVE-2020-3164 | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. | 5.3 |
| 2019-09-05 | CVE-2019-12635 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Content Security Management Appliance A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. | 4.3 |
| 2016-09-01 | CVE-2016-2183 | Information Exposure vulnerability in multiple products The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | 7.5 |