Skip to main content

Security Manager

17 CVEs product

Monthly

CVE-2024-7720 CRITICAL Act Now

HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection HP RCE Security Manager
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-27131 CRITICAL Act Now

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Microsoft Deserialization Security Manager
NVD
CVSS 3.1
9.8
EPSS
87.7%
CVE-2020-27130 CRITICAL Act Now

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Security Manager
NVD
CVSS 3.1
9.1
EPSS
65.9%
CVE-2020-27125 CRITICAL Act Now

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Security Manager
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-6142 MEDIUM This Month

It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Email Security Security Manager
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2019-12630 CRITICAL Act Now

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Deserialization Security Manager
NVD
CVSS 3.1
9.8
EPSS
65.8%
CVE-2019-1903 CRITICAL Act Now

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Denial Of Service Cisco Security Manager
NVD
CVSS 3.0
9.1
EPSS
2.2%
CVE-2018-0223 MEDIUM This Month

A vulnerability in DesktopServlet in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Security Manager
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2015-0727 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.7(0)SP1(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Security Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0594 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Prime Lan Management Solution Security Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3326 MEDIUM This Month

SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Security Manager
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2014-0602 HIGH This Week

Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in NetIQ Security Manager through 6.5.4 allows remote attackers to execute arbitrary code via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE Code Injection Security Manager
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-3267 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Security Manager
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-3266 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Security Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3265 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Security Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-2138 MEDIUM This Month

CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Code Injection Security Manager
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-5488 MEDIUM This Month

Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Prime Lan Management Solution Security Manager Unified Operations Manager +1
NVD
CVSS 2.0
5.0
EPSS
0.6%
EPSS 1% CVSS 9.8
CRITICAL Act Now

HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection HP RCE +1
NVD
EPSS 88% CVSS 9.8
CRITICAL Act Now

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Microsoft +2
NVD
EPSS 66% CVSS 9.1
CRITICAL Act Now

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Path Traversal Security Manager
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Security Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Email Security Security Manager
NVD
EPSS 66% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Cisco Deserialization +1
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Denial Of Service Cisco +1
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

A vulnerability in DesktopServlet in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Security Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.7(0)SP1(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Security Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Prime Lan Management Solution +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Security Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in NetIQ Security Manager through 6.5.4 allows remote attackers to execute arbitrary code via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE Code Injection +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Security Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Security Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Security Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Code Injection Security Manager
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM This Month

Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Prime Lan Management Solution +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy