Cisco Security Manager vulnerabilities
28 known vulnerabilities affecting cisco/security_manager.
Total CVEs: 28
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 7, MEDIUM 21
Vulnerabilities
Page 1 of 2
CVE-2022-20635 | MEDIUM | CVSS 6.1 | fixed in 4.24 | 2022-01-14
CVE-2022-20635 [MEDIUM] CWE-79
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could explo
nvd
CVE-2022-20647 | MEDIUM | CVSS 6.1 | fixed in 4.24 | 2022-01-14
CVE-2022-20647 [MEDIUM] CWE-79
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could explo
nvd
CVE-2022-20639 | MEDIUM | CVSS 6.1 | fixed in 4.24 | 2022-01-14
CVE-2022-20639 [MEDIUM] CWE-79
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could explo
nvd
CVE-2022-20645 | MEDIUM | CVSS 6.1 | fixed in 4.24 | 2022-01-14
CVE-2022-20645 [MEDIUM] CWE-79
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could explo
nvd
CVE-2022-20642 | MEDIUM | CVSS 6.1 | fixed in 4.24 | 2022-01-14
CVE-2022-20642 [MEDIUM] CWE-79
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could explo
nvd
CVE-2022-20636 | MEDIUM | CVSS 6.1 | fixed in 4.24 | 2022-01-14
CVE-2022-20636 [MEDIUM] CWE-79
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could explo
nvd
CVE-2022-20641 | MEDIUM | CVSS 6.1 | fixed in 4.24 | 2022-01-14
CVE-2022-20641 [MEDIUM] CWE-79
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could explo
nvd
CVE-2022-20638 | MEDIUM | CVSS 6.1 | fixed in 4.24 | 2022-01-14
CVE-2022-20638 [MEDIUM] CWE-79
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could explo
nvd
CVE-2022-20644 | MEDIUM | CVSS 6.1 | fixed in 4.24 | 2022-01-14
CVE-2022-20644 [MEDIUM] CWE-79
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could explo
nvd
CVE-2022-20637 | MEDIUM | CVSS 6.1 | fixed in 4.24 | 2022-01-14
CVE-2022-20637 [MEDIUM] CWE-79
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could explo
nvd
CVE-2022-20646 | MEDIUM | CVSS 6.1 | fixed in 4.24 | 2022-01-14
CVE-2022-20646 [MEDIUM] CWE-79
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could explo
nvd
CVE-2022-20640 | MEDIUM | CVSS 6.1 | fixed in 4.24 | 2022-01-14
CVE-2022-20640 [MEDIUM] CWE-79
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could explo
nvd
CVE-2022-20643 | MEDIUM | CVSS 6.1 | fixed in 4.24 | 2022-01-14
CVE-2022-20643 [MEDIUM] CWE-79
Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could explo
nvd
CVE-2020-27131 | CRITICAL | CVSS 9.8 | ≤ 4.22 | 2020-11-17
CVE-2020-27131 [HIGH] CWE-20
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabili
nvd
CVE-2020-27125 | CRITICAL | CVSS 9.8 | ≤ 4.21 | 2020-11-17
CVE-2020-27125 [HIGH] CWE-20
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the atta
nvd
CVE-2020-27130 | CRITICAL | CVSS 9.1 | ≤ 4.21 | 2020-11-17
CVE-2020-27130 [CRITICAL] CWE-35
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected
nvd
CVE-2019-12630 | CRITICAL | CVSS 9.8 | fixed in 4.18 | 2019-10-02
CVE-2019-12630 [CRITICAL] CWE-20
A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a mal
nvd
CVE-2019-1903 | CRITICAL | CVSS 9.1 | v4.14 | 2019-06-20
CVE-2019-1903 [MEDIUM] CWE-611
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to a targeted system that contain references
nvd
CVE-2018-0223 | MEDIUM | CVSS 6.1 | v4.9(0)qa99 | 2018-03-08
CVE-2018-0223 [MEDIUM] CWE-79
A vulnerability in DesktopServlet in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management inter
nvd
CVE-2015-0727 | MEDIUM | CVSS 4.3 | v4.7(0) | 2015-05-15
CVE-2015-0727 [MEDIUM] CWE-79
Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.7(0)SP1(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27789.
nvd