Product
cisco web security appliance
65 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-20120
all versions
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; C
5.4
MEDIUM
CVE-2023-20119
all versions
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly k
6.1
MEDIUM
CVE-2023-20028
all versions
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; C
5.4
MEDIUM
CVE-2023-20032
< 12.5.6
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partit
9.8
CRITICAL
CVE-2022-20784
>= 11.7.0 and < 14.0.2
A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) c
5.8
MEDIUM
CVE-2021-1359
all versions
A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticat
6.3
MEDIUM
CVE-2021-1566
all versions
A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security
7.4
HIGH
CVE-2021-1516
all versions
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (S
4.3
MEDIUM
CVE-2021-1490
< 14.0
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unaut
4.7
MEDIUM
CVE-2021-1129
all versions
A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco C
5.3
MEDIUM
CVE-2020-3117
all versions
A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management
4.7
MEDIUM
CVE-2019-15969
< 11.8.0
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote
6.1
MEDIUM
CVE-2020-3164
<= 12.0.1-268
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Securit
5.3
MEDIUM
CVE-2019-15956
all versions
A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an au
8.8
HIGH
CVE-2019-1886
all versions
A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attac
8.6
HIGH
CVE-2019-1884
all versions
A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an aut
7.7
HIGH
CVE-2019-1817
all versions
A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthent
7.5
HIGH
CVE-2019-1816
all versions
A vulnerability in the log subscription subsystem of the Cisco Web Security Appliance (WSA) could allow an authenticated, local at
7.8
HIGH
CVE-2019-1672
all versions
A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an una
5.8
MEDIUM
CVE-2018-0428
all versions
A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local atta
6.7
MEDIUM
CVE-2018-0410
all versions
A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthen
8.6
HIGH
CVE-2018-0406
all versions
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote
6.1
MEDIUM
CVE-2018-0366
all versions
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote
6.1
MEDIUM
CVE-2018-0353
all versions
A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attac
7.5
HIGH
CVE-2018-0093
all versions
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote
6.1
MEDIUM
CVE-2017-6783
all versions
A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security M
4.3
MEDIUM
CVE-2017-6751
all versions
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote at
7.5
HIGH
CVE-2017-6750
all versions
A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to
7.5
HIGH
CVE-2017-6749
all versions
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote a
5.4
MEDIUM
CVE-2017-6748
all versions
A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perfor
6.7
MEDIUM
CVE-2017-6746
all versions
A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to pe
7.2
HIGH
CVE-2017-3870
all versions
A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unaut
5.8
MEDIUM
CVE-2017-3827
all versions
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security App
5.8
MEDIUM
CVE-2016-9212
all versions
A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security
7.5
HIGH
CVE-2016-6469
all versions
A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote
7.5
HIGH
CVE-2016-1411
all versions
A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security
5.9
MEDIUM
CVE-2016-6372
all versions
A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of C
7.5
HIGH
CVE-2016-6360
all versions
A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) c
7.5
HIGH
CVE-2016-6416
all versions
The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WS
5.9
MEDIUM
CVE-2016-6407
all versions
Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link
7.5
HIGH
CVE-2016-1440
all versions
The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of ser
5.3
MEDIUM
CVE-2016-1405
all versions
libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) dev
7.5
HIGH
CVE-2016-1381
all versions
Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to c
7.5
HIGH
CVE-2016-1380
all versions
Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (p
7.5
HIGH
CVE-2016-1288
all versions
The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows
5.3
MEDIUM
CVE-2016-1296
all versions
The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote att
7.5
HIGH
CVE-2015-6386
all versions
The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote atta
CVE-2015-6298
all versions
The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-
CVE-2015-6292
all versions
The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8
CVE-2015-6321
all versions
Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Securi
CVE-2015-6293
all versions
Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-
CVE-2015-4288
all versions
The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content
CVE-2015-0732
all versions
Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance
CVE-2015-4198
all versions
Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-49
CVE-2015-0738
all versions
Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 a
CVE-2015-0698
<= 8.5.0-497
Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA
CVE-2015-0693
all versions
Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module du
CVE-2015-0692
all versions
Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module du
CVE-2015-0624
all versions
The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Securit
CVE-2015-0628
all versions
The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions vi
CVE-2015-0623
all versions
Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows rem
CVE-2014-3289
all versions
Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.
CVE-2014-2137
all versions
CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to
CVE-2013-5537
all versions
The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance
CVE-2013-3395
all versions
Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin