Vulnerabilities > Cisco > Email Security Appliance > 9.7.2.047

DATE CVE VULNERABILITY TITLE RISK
2016-12-14 CVE-2016-9202 Cross-site Scripting vulnerability in Cisco Email Security Appliance
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device.
network
cisco CWE-79
4.3
4.3
2016-12-14 CVE-2016-6465 Improper Input Validation vulnerability in Cisco Email Security Appliance
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker to bypass user filters that are configured for an affected device.
network
cisco CWE-20
4.3
4.3
2016-10-28 CVE-2016-6358 Improper Input Validation vulnerability in Cisco Email Security Appliance
A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits.
network
low complexity
cisco CWE-20
5.0
5.0