Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-02-05 CVE-2024-7596 Unspecified vulnerability in Ietf Generic UDP Encapsulation
Proposed Generic UDP Encapsulation (GUE) (IETF Draft) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.
network
high complexity
ietf
6.5
6.5
2025-02-05 CVE-2025-20179 A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
CWE-79
6.1
6.1
2025-02-05 CVE-2025-20180 A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input.
network
low complexity
CWE-79
4.8
4.8
2025-02-05 CVE-2025-20183 A vulnerability in a policy-based Cisco Application Visibility and Control (AVC) implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to evade the antivirus scanner and download a malicious file onto an endpoint.  The vulnerability is due to improper handling of a crafted range request header.
network
low complexity
CWE-20
5.8
5.8
2025-02-05 CVE-2025-20184 A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
network
low complexity
CWE-20
6.5
6.5
2025-02-05 CVE-2025-20204 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.  This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system.
network
low complexity
CWE-79
4.8
4.8
2025-02-05 CVE-2025-20205 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.  This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system.
network
low complexity
CWE-79
4.8
4.8
2025-02-05 CVE-2025-20207 A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain confidential information about the underlying operating system. This vulnerability exists because the appliances do not protect confidential information at rest in response to SNMP poll requests.
network
low complexity
CWE-200
4.3
4.3
2025-02-05 CVE-2024-49348 IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts.
network
low complexity
CWE-266
4.3
4.3
2025-02-05 CVE-2024-52364 IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting.
network
low complexity
CWE-79
5.4
5.4