Vulnerabilities > Cisco > Email Security Appliance

DATE CVE VULNERABILITY TITLE RISK
2020-09-23 CVE-2020-3137 Cross-site Scripting vulnerability in Cisco Email Security Appliance
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1
6.1
2020-09-23 CVE-2020-3133 Improper Input Validation vulnerability in Cisco Email Security Appliance
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device.
network
low complexity
cisco CWE-20
7.5
7.5
2020-08-17 CVE-2020-3447 Information Exposure Through Log Files vulnerability in Cisco products
A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device.
network
low complexity
cisco CWE-532
6.5
6.5
2020-07-16 CVE-2020-3370 Improper Input Validation vulnerability in Cisco Email Security Appliance
A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device.
network
low complexity
cisco CWE-20
5.8
5.8
2020-03-04 CVE-2020-3181 Resource Exhaustion vulnerability in Cisco Email Security Appliance
A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device.
network
low complexity
cisco CWE-400
6.5
6.5
2020-03-04 CVE-2020-3164 Improper Input Validation vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
5.3
5.3
2020-02-19 CVE-2020-3132 Resource Exhaustion vulnerability in Cisco Cloud Email Security and Email Security Appliance
A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device.
network
high complexity
cisco CWE-400
5.9
5.9
2020-01-26 CVE-2020-3134 Improper Input Validation vulnerability in Cisco Email Security Appliance
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
cisco CWE-20
6.5
6.5
2019-07-06 CVE-2019-1933 Improper Input Validation vulnerability in Cisco Email Security Appliance 11.1.2023
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device.
network
low complexity
cisco CWE-20
7.4
7.4
2019-07-06 CVE-2019-1921 Improper Input Validation vulnerability in Cisco Email Security Appliance 12.0.0419
A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device.
network
low complexity
cisco CWE-20
7.5
7.5