) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/o:cisco:asyncos:-
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2015-0577 |
Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA), allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCus22925 and CSCup08113. Published: January 14, 2015; 2:59:01 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2014-3381 |
The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisco Email Security Appliance (ESA) does not properly analyze ZIP archives, which allows remote attackers to bypass malware filtering via a crafted archive, aka Bug ID CSCup07934. Published: October 18, 2014; 9:55:13 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2014-2195 |
Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085. Published: May 20, 2014; 7:13:37 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |