Cisco Security Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Cisco Security Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (30)
CVE-2009-1161 — CVSS 10.0 (critical): Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in…
CVE-2010-3036 — CVSS 10.0 (critical): Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow…
CVE-2019-12630 — CVSS 9.8 (critical): A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to…
CVE-2020-27130 — CVSS 9.1 (critical): A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The…
CVE-2020-27131 — CVSS 8.1 (high): Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote…
CVE-2020-27125 — CVSS 7.4 (high): A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected…
CVE-2008-3820 — CVSS 6.8 (medium): Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and…
CVE-2014-3267 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to…
CVE-2019-1903 — CVSS 6.5 (medium): A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial…
CVE-2014-3326 — CVSS 6.5 (medium): SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute…
CVE-2022-20647 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to…
CVE-2018-0223 — CVSS 6.1 (medium): A vulnerability in DesktopServlet in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote…
CVE-2022-20641 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to…
CVE-2022-20642 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to…
CVE-2022-20643 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to…
CVE-2022-20644 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to…
CVE-2022-20645 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to…
CVE-2022-20646 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to…
CVE-2022-20635 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to…
CVE-2022-20636 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to…
CVE-2022-20637 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to…
CVE-2022-20638 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to…
CVE-2022-20639 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to…
CVE-2022-20640 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to…
CVE-2013-5488 — CVSS 5.0 (medium): Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and…
CVE-2014-3266 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject…
CVE-2015-0727 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.7(0)SP1(1) allows remote attackers to inject…
CVE-2014-3265 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows…
CVE-2014-2138 — CVSS 4.3 (medium): CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary…
CVE-2015-0594 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management…