Vulnerabilities > Cisco > Secure Email AND WEB Manager > 14.1.0

DATE CVE VULNERABILITY TITLE RISK
2023-03-01 CVE-2023-20009 Unrestricted Upload of File with Dangerous Type vulnerability in Cisco products
A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access.
network
low complexity
cisco CWE-434
7.2
2022-06-15 CVE-2022-20664 Information Exposure vulnerability in Cisco Email Security Appliance
A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device.
network
low complexity
cisco CWE-200
7.7
2022-06-15 CVE-2022-20798 Improper Authentication vulnerability in Cisco products
A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device.
network
low complexity
cisco CWE-287
critical
9.8