Cisco Web Security Appliance — known CVE vulnerabilities
Every CVE whose affected-product data names Cisco Web Security Appliance, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (65)
CVE-2023-20032 — CVSS 9.8 (critical): On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file…
CVE-2015-6298 — CVSS 9.0 (critical): The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and…
CVE-2019-15956 — CVSS 8.8 (high): A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an…
CVE-2019-1886 — CVSS 8.6 (high): A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to…
CVE-2018-0410 — CVSS 8.6 (high): A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated…
CVE-2013-5537 — CVSS 7.8 (high): The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA)…
CVE-2019-1816 — CVSS 7.8 (high): A vulnerability in the log subscription subsystem of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to…
CVE-2015-6292 — CVSS 7.8 (high): The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before…
CVE-2015-6293 — CVSS 7.8 (high): Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on…
CVE-2015-6321 — CVSS 7.8 (high): Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security…
CVE-2019-1884 — CVSS 7.7 (high): A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an…
CVE-2016-6469 — CVSS 7.5 (high): A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker…
CVE-2016-9212 — CVSS 7.5 (high): A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security…
CVE-2016-6360 — CVSS 7.5 (high): A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could…
CVE-2016-6372 — CVSS 7.5 (high): A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco…
CVE-2017-6751 — CVSS 7.5 (high): A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to…
CVE-2016-1296 — CVSS 7.5 (high): The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to…
CVE-2016-1380 — CVSS 7.5 (high): Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service…
CVE-2016-1381 — CVSS 7.5 (high): Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) devices allows remote attackers to cause a…
CVE-2016-1405 — CVSS 7.5 (high): libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices…
CVE-2018-0353 — CVSS 7.5 (high): A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to…
CVE-2016-6407 — CVSS 7.5 (high): Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (link…
CVE-2017-6750 — CVSS 7.5 (high): A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the…
CVE-2019-1817 — CVSS 7.5 (high): A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated…
CVE-2021-1566 — CVSS 7.4 (high): A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security…
CVE-2017-6746 — CVSS 7.2 (high): A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform…
CVE-2015-0692 — CVSS 7.2 (high): Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during…
CVE-2015-0693 — CVSS 7.2 (high): Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during…
CVE-2013-3395 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security…
CVE-2018-0428 — CVSS 6.7 (medium): A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to…
CVE-2017-6748 — CVSS 6.7 (medium): A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command…
CVE-2021-1359 — CVSS 6.3 (medium): A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated…
CVE-2019-15969 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker…
CVE-2018-0366 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker…
CVE-2023-20119 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as…
CVE-2018-0093 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker…
CVE-2018-0406 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker…
CVE-2016-1411 — CVSS 5.9 (medium): A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security…
CVE-2016-6416 — CVSS 5.9 (medium): The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA)…
CVE-2022-20784 — CVSS 5.8 (medium): A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could…
CVE-2019-1672 — CVSS 5.8 (medium): A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an…
CVE-2017-3870 — CVSS 5.8 (medium): A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an…
CVE-2017-3827 — CVSS 5.8 (medium): A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances…
CVE-2023-20028 — CVSS 5.4 (medium): Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco…
CVE-2017-6749 — CVSS 5.4 (medium): A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker…
CVE-2023-20120 — CVSS 5.4 (medium): Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco…
CVE-2016-1288 — CVSS 5.3 (medium): The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote…
CVE-2020-3164 — CVSS 5.3 (medium): A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security…
CVE-2016-1440 — CVSS 5.3 (medium): The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU…
CVE-2021-1129 — CVSS 5.3 (medium): A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content…
CVE-2015-0628 — CVSS 5.0 (medium): The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a…
CVE-2015-6386 — CVSS 5.0 (medium): The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to…
CVE-2021-1490 — CVSS 4.7 (medium): A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an…
CVE-2020-3117 — CVSS 4.7 (medium): A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management…
CVE-2015-0732 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA)…
CVE-2015-0624 — CVSS 4.3 (medium): The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security…
CVE-2021-1516 — CVSS 4.3 (medium): A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA)…
CVE-2015-0623 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote…
CVE-2015-0738 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows…
CVE-2015-4198 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows…
CVE-2014-3289 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web…
CVE-2014-2137 — CVSS 4.3 (medium): CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject…
CVE-2017-6783 — CVSS 4.3 (medium): A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management…
CVE-2015-4288 — CVSS 4.3 (medium): The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security…
CVE-2015-0698 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices…