Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

content_security_management_appliance_sma_m690

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2021-1425
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.13%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 15:36
Updated-11 Aug, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Cisco Email Security Appliance and Content Security Management Appliance Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is being included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A successful exploit could allow the attacker to obtain some of the passwords that are configured throughout the interface.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-content_security_management_appliance_sma_m695content_security_management_appliance_sma_m190asyncoscontent_security_management_appliance_smav_m300vcontent_security_management_appliance_smav_m000vcontent_security_management_appliance_sma_m690content_security_management_appliance_sma_m395content_security_management_appliance_smav_m600vcontent_security_management_appliance_smav_m100vcontent_security_management_appliance_sma_m195Cisco Secure Email and Web Manager
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CVE-2018-0140
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 63.32%
||
7 Day CHG-0.03%
Published-08 Feb, 2018 | 07:00
Updated-02 Dec, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-email_security_appliance_c190email_security_appliance_c670content_security_management_appliance_sma_m390xemail_security_appliance_c370demail_security_appliance_c170email_security_appliance_c160content_security_management_appliance_sma_m690email_security_appliance_c680email_security_appliance_c690xcontent_security_management_appliance_sma_m690xcontent_security_management_applianceemail_security_appliance_firmwareemail_security_appliance_c690email_security_appliance_c370content_security_management_appliance_sma_m190email_security_appliance_c380email_security_appliance_c390email_security_appliance_x1070content_security_management_appliance_sma_m390Cisco Email Security Appliance and Cisco Content Security Management Appliance
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-425
Direct Request ('Forced Browsing')