Vulnerabilities > Cisco > Security Manager > 3.3.1

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2022-01-14 | CVE-2022-20645 | Cross-site Scripting vulnerability in Cisco Security Manager | Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. | network, low complexity, cisco, CWE-79 | 6.1 |
| 2022-01-14 | CVE-2022-20646 | Cross-site Scripting vulnerability in Cisco Security Manager | Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. | network, low complexity, cisco, CWE-79 | 6.1 |
| 2022-01-14 | CVE-2022-20647 | Cross-site Scripting vulnerability in Cisco Security Manager | Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. | network, low complexity, cisco, CWE-79 | 6.1 |
| 2020-11-17 | CVE-2020-27131 | Deserialization of Untrusted Data vulnerability in Cisco Security Manager | Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. | network, low complexity, cisco, CWE-502 | critical 9.8 |
| 2020-11-17 | CVE-2020-27130 | Unspecified vulnerability in Cisco Security Manager | A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. | network, low complexity, cisco | critical 9.1 |
| 2020-11-17 | CVE-2020-27125 | Improper Input Validation vulnerability in Cisco Security Manager | A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. | network, low complexity, cisco, CWE-20 | critical 9.8 |
| 2019-10-02 | CVE-2019-12630 | Deserialization of Untrusted Data vulnerability in Cisco Security Manager | A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. | network, low complexity, cisco, CWE-502 | 7.5 |
| 2014-05-26 | CVE-2014-3267 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Security Manager | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make unspecified changes, aka Bug ID CSCuo46427. | network, cisco, CWE-352 | 6.8 |
| 2014-05-26 | CVE-2014-3266 | Cross-Site Scripting vulnerability in Cisco Security Manager | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189. | network, cisco, CWE-79 | 4.3 |
| 2014-04-02 | CVE-2014-2138 | Improper Input Validation vulnerability in Cisco Security Manager | CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349. | network, cisco, CWE-20 | 4.3 |