cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-1561,https://securityvulnerability.io/vulnerability/CVE-2021-1561,Cisco Secure Email and Web Manager Spam Quarantine Unauthorized Access Vulnerability,"A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), could allow an authenticated, remote attacker to gain unauthorized access and modify the spam quarantine settings of another user. This vulnerability exists because access to the spam quarantine feature is not properly restricted. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to modify another user's spam quarantine settings, possibly disabling security controls or viewing email messages stored on the spam quarantine interfaces.",Cisco,Cisco Content Security Management Appliance (sma),5.4,MEDIUM,0.0009399999980814755,false,,false,false,true,2024-08-03T17:16:01.000Z,,false,false,,2021-08-18T00:00:00.000Z,0
CVE-2021-1447,https://securityvulnerability.io/vulnerability/CVE-2021-1447,Cisco Content Security Management Appliance Privilege Escalation Vulnerability,"A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An attacker could exploit this vulnerability by enabling specific Administrator-only features and connecting to the appliance through the CLI with elevated privileges. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. To exploit this vulnerability, the attacker must have valid Administrator credentials.",Cisco,Cisco Content Security Management Appliance (sma),6.7,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-03T17:15:56.000Z,,false,false,,2021-05-06T13:15:00.000Z,0
CVE-2020-3178,https://securityvulnerability.io/vulnerability/CVE-2020-3178,Cisco Content Security Management Appliance Open Redirect Vulnerabilities,"Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an HTTP request. An attacker could exploit these vulnerabilities by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page or to obtain sensitive browser-based information. This type of attack is commonly referred to as an open redirect attack and is used in phishing attacks to get users to unknowingly visit malicious sites.",Cisco,Cisco Content Security Management Appliance (sma),6.1,MEDIUM,0.001230000052601099,false,,false,false,true,2024-08-04T08:16:28.000Z,,false,false,,2020-05-06T00:00:00.000Z,0
CVE-2019-12635,https://securityvulnerability.io/vulnerability/CVE-2019-12635,Cisco Content Security Management Appliance Information Disclosure Vulnerability,"A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not correctly implement role permission controls. An attacker could exploit this vulnerability by using a custom role with specific permissions. A successful exploit could allow the attacker to access the spam quarantine of other users.",Cisco,Cisco Content Security Management Appliance (sma),4.3,MEDIUM,0.0007300000288523734,false,,false,false,true,2024-09-16T23:18:57.000Z,,false,false,,2019-09-05T02:15:00.000Z,0
CVE-2018-15393,https://securityvulnerability.io/vulnerability/CVE-2018-15393,Cisco Content Security Management Appliance (SMA) Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Content Security Management Appliance (sma),4.8,MEDIUM,0.0007200000109151006,false,,false,false,true,2024-08-05T10:17:49.000Z,,false,false,,2018-11-08T17:29:00.000Z,0
CVE-2017-6783,https://securityvulnerability.io/vulnerability/CVE-2017-6783,,"A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance).",Cisco,"Web Security Appliance (wsa),Email Security Appliance (esa),Content Security Management Appliance (sma)",4.3,MEDIUM,0.001820000004954636,false,,false,false,false,,,false,false,,2017-08-17T20:29:00.000Z,0