Vulnerabilities > Cisco > Security Manager > 4.8

DATE CVE VULNERABILITY TITLE RISK
2022-01-14 CVE-2022-20645 Cross-site Scripting vulnerability in Cisco Security Manager
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.
network
low complexity
cisco CWE-79
6.1
6.1
2022-01-14 CVE-2022-20646 Cross-site Scripting vulnerability in Cisco Security Manager
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.
network
low complexity
cisco CWE-79
6.1
6.1
2022-01-14 CVE-2022-20647 Cross-site Scripting vulnerability in Cisco Security Manager
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.
network
low complexity
cisco CWE-79
6.1
6.1
2020-11-17 CVE-2020-27131 Deserialization of Untrusted Data vulnerability in Cisco Security Manager
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.
network
low complexity
cisco CWE-502
critical
 9.8
9.8
2020-11-17 CVE-2020-27130 Unspecified vulnerability in Cisco Security Manager
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information.
network
low complexity
cisco
critical
 9.1
9.1
2020-11-17 CVE-2020-27125 Improper Input Validation vulnerability in Cisco Security Manager
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system.
network
low complexity
cisco CWE-20
critical
 9.8
9.8
2019-10-02 CVE-2019-12630 Deserialization of Untrusted Data vulnerability in Cisco Security Manager
A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.
network
low complexity
cisco CWE-502
7.5
7.5