Search criteria
6 vulnerabilities found for Secure Email Gateway by Cisco
CERTFR-2024-AVI-0602
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que les correctifs de sécurité pour la vulnérabilité CVE-2024-20435 affectant Secure Web Appliance seront publiés en juillet (14.5.3 MR) et août (15.0 MR) 2024. Les correctifs pour la vulnérabilité CVE-2024-20296 affectant ISE seront publiés en septembre 2024 (3.2P7) et janvier 2025 (3.1P10), la version 3.3P3 est déjà disponible.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Secure Web Appliance | Secure Web Appliance avec AsyncOS versions 15.0.x antérieures à 15.0 MR | ||
| Cisco | Secure Email Gateway | Secure Email Gateway avec une version de paquet de Content Scanner Tools antérieure à 23.3.0.4823 | ||
| Cisco | Identity Services Engine | Identity Services Engine (ISE) versions antérieures à 3.1P10 | ||
| Cisco | Secure Web Appliance | Secure Web Appliance avec AsyncOS versions 15.1.x | ||
| Cisco | Intelligent Node Software | iNode Software versions antérieures à 4.0.0 | ||
| Cisco | Identity Services Engine | Identity Services Engine (ISE) versions 3.2.x antérieures à 3.2P7 | ||
| Cisco | Identity Services Engine | Identity Services Engine (ISE) versions 3.3.x antérieures à 3.3P3 | ||
| Cisco | Intelligent Node Software | iNode Manager Software versions antérieures à 24.1 | ||
| Cisco | Smart Software Manager | Smart Software Manager (SSM) On-Prem verions 8.x antérieures à 8-202212 | ||
| Cisco | Secure Web Appliance | Secure Web Appliance avec AsyncOS versions antérieures à 14.5.3 MR |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Secure Web Appliance avec AsyncOS versions 15.0.x ant\u00e9rieures \u00e0 15.0 MR ",
"product": {
"name": "Secure Web Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Secure Email Gateway avec une version de paquet de Content Scanner Tools ant\u00e9rieure \u00e0 23.3.0.4823",
"product": {
"name": "Secure Email Gateway",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Identity Services Engine (ISE) versions ant\u00e9rieures \u00e0 3.1P10",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Secure Web Appliance avec AsyncOS versions 15.1.x ",
"product": {
"name": "Secure Web Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "iNode Software versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "Intelligent Node Software",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Identity Services Engine (ISE) versions 3.2.x ant\u00e9rieures \u00e0 3.2P7",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Identity Services Engine (ISE) versions 3.3.x ant\u00e9rieures \u00e0 3.3P3",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "iNode Manager Software versions ant\u00e9rieures \u00e0 24.1",
"product": {
"name": "Intelligent Node Software",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Smart Software Manager (SSM) On-Prem verions 8.x ant\u00e9rieures \u00e0 8-202212",
"product": {
"name": "Smart Software Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Secure Web Appliance avec AsyncOS versions ant\u00e9rieures \u00e0 14.5.3 MR",
"product": {
"name": "Secure Web Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur indique que les correctifs de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-20435 affectant Secure Web Appliance seront publi\u00e9s en juillet (14.5.3 MR) et ao\u00fbt (15.0 MR) 2024. Les correctifs pour la vuln\u00e9rabilit\u00e9 CVE-2024-20296 affectant ISE seront publi\u00e9s en septembre 2024 (3.2P7) et janvier 2025 (3.1P10), la version 3.3P3 est d\u00e9j\u00e0 disponible.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20435",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20435"
},
{
"name": "CVE-2024-20401",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20401"
},
{
"name": "CVE-2024-20419",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20419"
},
{
"name": "CVE-2024-20323",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20323"
},
{
"name": "CVE-2024-20296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20296"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0602",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": "2024-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-esa-afw-bGG2UsjH",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH"
},
{
"published_at": "2024-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-inode-static-key-VUVCeynn",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-inode-static-key-VUVCeynn"
},
{
"published_at": "2024-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-swa-priv-esc-7uHpZsCC",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-priv-esc-7uHpZsCC"
},
{
"published_at": "2024-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ise-file-upload-krW2TxA9",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-krW2TxA9"
},
{
"published_at": "2024-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cssm-auth-sLw3uhUy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy"
}
]
}
VAR-202401-2029
Vulnerability from variot - Updated: 2024-02-07 23:03Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a crafted document. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202401-2029",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ironport email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "cisco secure email gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco ironport email security appliance software",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-025572"
},
{
"db": "NVD",
"id": "CVE-2023-31488"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:ironport_email_security_appliance:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:secure_email_gateway_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:secure_email_gateway:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-31488"
}
]
},
"cve": "CVE-2023-31488",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-31488",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-31488",
"trust": 1.8,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-025572"
},
{
"db": "NVD",
"id": "CVE-2023-31488"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a crafted document. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-31488"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-025572"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-31488",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2023-025572",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-025572"
},
{
"db": "NVD",
"id": "CVE-2023-31488"
}
]
},
"id": "VAR-202401-2029",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.43892258
},
"last_update_date": "2024-02-07T23:03:54.290000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CSCwe11003",
"trust": 0.8,
"url": "https://bst.cisco.com/quickview/bug/cscwe11003"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-025572"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-025572"
},
{
"db": "NVD",
"id": "CVE-2023-31488"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://bst.cisco.com/quickview/bug/cscwe11003"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-31488"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-025572"
},
{
"db": "NVD",
"id": "CVE-2023-31488"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-025572"
},
{
"db": "NVD",
"id": "CVE-2023-31488"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-025572"
},
{
"date": "2024-01-10T20:15:45.330000",
"db": "NVD",
"id": "CVE-2023-31488"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-02-06T03:04:00",
"db": "JVNDB",
"id": "JVNDB-2023-025572"
},
{
"date": "2024-01-19T17:50:52.807000",
"db": "NVD",
"id": "CVE-2023-31488"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Systems \u00a0Cisco\u00a0IronPort\u00a0Email\u00a0Security\u00a0Appliance\u00a0Software\u00a0 and \u00a0Cisco\u00a0Secure\u00a0Email\u00a0Gateway\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-025572"
}
],
"trust": 0.8
}
}
VAR-202306-1845
Vulnerability from variot - Updated: 2024-02-01 23:06Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202306-1845",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure email and web manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-053"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-033"
},
{
"model": "secure email and web manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.0-418"
},
{
"model": "secure email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-053"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-050"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-256"
},
{
"model": "secure email and web manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-033"
},
{
"model": "secure email and web manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-050"
},
{
"model": "secure email and web manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-256"
},
{
"model": "secure email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.0-418"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-053"
},
{
"model": "secure email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-033"
},
{
"model": "secure email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-050"
},
{
"model": "secure email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-256"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.0-418"
},
{
"model": "cisco secure email and web manager",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "15.0.0-050"
},
{
"model": "cisco secure email and web manager",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "14.0.1-033"
},
{
"model": "cisco secure email and web manager",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "14.0.1-053"
},
{
"model": "cisco secure email gateway",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco secure email and web manager",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "15.0.0-256"
},
{
"model": "cisco web \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30a2\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco secure email and web manager",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "14.0.0-418"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024109"
},
{
"db": "NVD",
"id": "CVE-2023-20120"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_gateway:14.0.1-053:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:14.0.1-053:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-053:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-256:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_gateway:15.0.0-256:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:15.0.0-256:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-033:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_gateway:14.0.1-033:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:14.0.1-033:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.0-418:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_gateway:14.0.0-418:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:14.0.0-418:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-050:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_gateway:15.0.0-050:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:15.0.0-050:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20120"
}
]
},
"cve": "CVE-2023-20120",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-20120",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-20120",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2023-20120",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202306-2003",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024109"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2003"
},
{
"db": "NVD",
"id": "CVE-2023-20120"
},
{
"db": "NVD",
"id": "CVE-2023-20120"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. \nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. \nThis advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq\nAttention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20120"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024109"
},
{
"db": "VULMON",
"id": "CVE-2023-20120"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-20120",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024109",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2003",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-20120",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20120"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024109"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2003"
},
{
"db": "NVD",
"id": "CVE-2023-20120"
}
]
},
"id": "VAR-202306-1845",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.44624132
},
"last_update_date": "2024-02-01T23:06:15.785000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-esa-sma-wsa-xss-cP9DuEmq",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-sma-wsa-xss-cp9duemq"
},
{
"title": "Multiple Cisco product Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=244904"
},
{
"title": "Cisco: Cisco Secure Email Gateway, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Cross-Site Scripting Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-esa-sma-wsa-xss-cp9duemq"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20120"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024109"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2003"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024109"
},
{
"db": "NVD",
"id": "CVE-2023-20120"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-sma-wsa-xss-cp9duemq"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20120"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-20120/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20120"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024109"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2003"
},
{
"db": "NVD",
"id": "CVE-2023-20120"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-20120"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024109"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2003"
},
{
"db": "NVD",
"id": "CVE-2023-20120"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-024109"
},
{
"date": "2023-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-2003"
},
{
"date": "2023-06-28T15:15:09.760000",
"db": "NVD",
"id": "CVE-2023-20120"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-30T06:38:00",
"db": "JVNDB",
"id": "JVNDB-2023-024109"
},
{
"date": "2023-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-2003"
},
{
"date": "2023-11-07T04:06:06.050000",
"db": "NVD",
"id": "CVE-2023-20120"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-2003"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in multiple Cisco Systems products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024109"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-2003"
}
],
"trust": 0.6
}
}
VAR-202306-2182
Vulnerability from variot - Updated: 2024-02-01 23:01Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202306-2182",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure email and web manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-053"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-033"
},
{
"model": "secure email and web manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.0-418"
},
{
"model": "secure email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-053"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-050"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-256"
},
{
"model": "secure email and web manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-033"
},
{
"model": "secure email and web manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-050"
},
{
"model": "secure email and web manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-256"
},
{
"model": "secure email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.0-418"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-053"
},
{
"model": "secure email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-033"
},
{
"model": "secure email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-050"
},
{
"model": "secure email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-256"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.0-418"
},
{
"model": "cisco secure email and web manager",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "15.0.0-050"
},
{
"model": "cisco secure email and web manager",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "14.0.1-033"
},
{
"model": "cisco secure email and web manager",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "14.0.1-053"
},
{
"model": "cisco secure email gateway",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco secure email and web manager",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "15.0.0-256"
},
{
"model": "cisco web \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30a2\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco secure email and web manager",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "14.0.0-418"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024105"
},
{
"db": "NVD",
"id": "CVE-2023-20028"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_gateway:14.0.1-053:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:14.0.1-053:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-053:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-256:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_gateway:15.0.0-256:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:15.0.0-256:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-033:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_gateway:14.0.1-033:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:14.0.1-033:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.0-418:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_gateway:14.0.0-418:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:14.0.0-418:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-050:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_gateway:15.0.0-050:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:15.0.0-050:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20028"
}
]
},
"cve": "CVE-2023-20028",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-20028",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-20028",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2023-20028",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202306-2002",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024105"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2002"
},
{
"db": "NVD",
"id": "CVE-2023-20028"
},
{
"db": "NVD",
"id": "CVE-2023-20028"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. \nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. \nThis advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq\nAttention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20028"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024105"
},
{
"db": "VULMON",
"id": "CVE-2023-20028"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-20028",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024105",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2002",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-20028",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20028"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024105"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2002"
},
{
"db": "NVD",
"id": "CVE-2023-20028"
}
]
},
"id": "VAR-202306-2182",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.44624132
},
"last_update_date": "2024-02-01T23:01:41.337000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-esa-sma-wsa-xss-cP9DuEmq",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-sma-wsa-xss-cp9duemq"
},
{
"title": "Multiple Cisco product Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=244903"
},
{
"title": "Cisco: Cisco Secure Email Gateway, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Cross-Site Scripting Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-esa-sma-wsa-xss-cp9duemq"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20028"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024105"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2002"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024105"
},
{
"db": "NVD",
"id": "CVE-2023-20028"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-sma-wsa-xss-cp9duemq"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20028"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-20028/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20028"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024105"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2002"
},
{
"db": "NVD",
"id": "CVE-2023-20028"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-20028"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024105"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2002"
},
{
"db": "NVD",
"id": "CVE-2023-20028"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-024105"
},
{
"date": "2023-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-2002"
},
{
"date": "2023-06-28T15:15:09.457000",
"db": "NVD",
"id": "CVE-2023-20028"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-30T06:37:00",
"db": "JVNDB",
"id": "JVNDB-2023-024105"
},
{
"date": "2023-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-2002"
},
{
"date": "2023-11-07T04:05:48.153000",
"db": "NVD",
"id": "CVE-2023-20028"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-2002"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in multiple Cisco Systems products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024105"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-2002"
}
],
"trust": 0.6
}
}
VAR-202306-1941
Vulnerability from variot - Updated: 2024-02-01 22:55A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202306-1941",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure email and web manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-053"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-256"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.0-418"
},
{
"model": "secure email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-256"
},
{
"model": "secure email and web manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-256"
},
{
"model": "secure email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.0-418"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-050"
},
{
"model": "secure email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-050"
},
{
"model": "secure email and web manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.0-418"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-033"
},
{
"model": "secure email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-033"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-053"
},
{
"model": "secure email and web manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-033"
},
{
"model": "secure email gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.1-053"
},
{
"model": "secure email and web manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-050"
},
{
"model": "cisco secure email and web manager",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "15.0.0-050"
},
{
"model": "cisco secure email and web manager",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "14.0.1-033"
},
{
"model": "cisco secure email and web manager",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "14.0.1-053"
},
{
"model": "cisco secure email gateway",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco secure email and web manager",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "15.0.0-256"
},
{
"model": "cisco web \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30a2\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco secure email and web manager",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "14.0.0-418"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024108"
},
{
"db": "NVD",
"id": "CVE-2023-20119"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_gateway:14.0.1-053:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:14.0.1-053:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-053:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-256:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_gateway:15.0.0-256:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:15.0.0-256:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-033:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_gateway:14.0.1-033:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:14.0.1-033:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.0-418:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_gateway:14.0.0-418:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:14.0.0-418:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-050:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_email_gateway:15.0.0-050:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:web_security_appliance:15.0.0-050:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20119"
}
]
},
"cve": "CVE-2023-20119",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-20119",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-20119",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2023-20119",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202306-2001",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024108"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2001"
},
{
"db": "NVD",
"id": "CVE-2023-20119"
},
{
"db": "NVD",
"id": "CVE-2023-20119"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. \r\n\r This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. \nFor more information about these vulnerabilities, see the Details section of this advisory. \nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. \nThis advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq\nAttention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20119"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024108"
},
{
"db": "VULMON",
"id": "CVE-2023-20119"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-20119",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024108",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2001",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-20119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20119"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024108"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2001"
},
{
"db": "NVD",
"id": "CVE-2023-20119"
}
]
},
"id": "VAR-202306-1941",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.44624132
},
"last_update_date": "2024-02-01T22:55:23.218000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-esa-sma-wsa-xss-cP9DuEmq",
"trust": 0.8,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-sma-wsa-xss-cp9duemq"
},
{
"title": "Multiple Cisco product Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=244902"
},
{
"title": "Cisco: Cisco Secure Email Gateway, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Cross-Site Scripting Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-esa-sma-wsa-xss-cp9duemq"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20119"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024108"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2001"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024108"
},
{
"db": "NVD",
"id": "CVE-2023-20119"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-sma-wsa-xss-cp9duemq"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20119"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-20119/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20119"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024108"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2001"
},
{
"db": "NVD",
"id": "CVE-2023-20119"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-20119"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-024108"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-2001"
},
{
"db": "NVD",
"id": "CVE-2023-20119"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-024108"
},
{
"date": "2023-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-2001"
},
{
"date": "2023-06-28T15:15:09.700000",
"db": "NVD",
"id": "CVE-2023-20119"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-30T06:38:00",
"db": "JVNDB",
"id": "JVNDB-2023-024108"
},
{
"date": "2023-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-2001"
},
{
"date": "2024-01-25T17:15:31.220000",
"db": "NVD",
"id": "CVE-2023-20119"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-2001"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in multiple Cisco Systems products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-024108"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-2001"
}
],
"trust": 0.6
}
}