Vulnerabilities > Cisco > Umbrella
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-04 | CVE-2022-20969 | Cross-site Scripting vulnerability in Cisco Umbrella 003.003(000) A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. | 5.4 |
| 2022-04-21 | CVE-2022-20773 | Use of Hard-coded Credentials vulnerability in Cisco Umbrella A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. | 8.1 |
| 2021-11-04 | CVE-2021-40126 | Information Exposure Through an Error Message vulnerability in Cisco Umbrella A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. | 4.3 |
| 2021-04-08 | CVE-2021-1475 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Cisco Umbrella Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. | 4.1 |
| 2021-04-08 | CVE-2021-1474 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Cisco Umbrella Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. | 8.6 |
| 2021-01-20 | CVE-2021-1350 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco Umbrella A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. | 5.3 |
| 2020-06-18 | CVE-2020-3337 | Open Redirect vulnerability in Cisco Umbrella A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. | 5.8 |
| 2020-05-06 | CVE-2020-3246 | Injection vulnerability in Cisco Umbrella A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. | 4.3 |
| 2019-05-03 | CVE-2019-1807 | Session Fixation vulnerability in Cisco Umbrella A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user session. | 6.8 |
| 2019-04-18 | CVE-2019-1792 | Cross-site Scripting vulnerability in Cisco Umbrella A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by Umbrella. | 6.1 |