Vulnerabilities > Cisco > Email Security Appliance
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-01 | CVE-2023-20009 | Unrestricted Upload of File with Dangerous Type vulnerability in Cisco products A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access. | 7.2 |
| 2023-03-01 | CVE-2023-20075 | OS Command Injection vulnerability in Cisco Email Security Appliance Vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. These vulnerability is due to improper input validation in the CLI. | 6.7 |
| 2022-11-04 | CVE-2022-20960 | Improper Certificate Validation vulnerability in Cisco Email Security Appliance A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. | 7.5 |
| 2022-06-15 | CVE-2022-20664 | Information Exposure vulnerability in Cisco Email Security Appliance A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. | 7.7 |
| 2022-06-15 | CVE-2022-20798 | Improper Authentication vulnerability in Cisco products A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. | 9.8 |
| 2021-06-16 | CVE-2021-1566 | Improper Certificate Validation vulnerability in Cisco Asyncos and Email Security Appliance A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. | 7.4 |
| 2021-05-06 | CVE-2021-1516 | Information Exposure Through Source Code vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. | 6.5 |
| 2021-01-20 | CVE-2021-1129 | Information Exposure Through Sent Data vulnerability in Cisco products A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device. | 5.3 |
| 2020-09-23 | CVE-2020-3137 | Cross-site Scripting vulnerability in Cisco Email Security Appliance A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2020-09-23 | CVE-2020-3133 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. | 5.0 |