Skip to main content

Umbrella

11 CVEs product

Monthly

CVE-2022-20969 MEDIUM This Month

A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Umbrella
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-40126 MEDIUM This Month

A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Umbrella
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-1475 MEDIUM PATCH This Month

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity.

Cisco Code Injection Umbrella
NVD
CVSS 3.1
4.1
EPSS
0.7%
CVE-2021-1474 HIGH This Week

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Code Injection Umbrella
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2021-1350 MEDIUM This Month

A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Umbrella
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-3337 MEDIUM This Month

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Umbrella
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-3246 MEDIUM This Month

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Code Injection Umbrella
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-1807 HIGH This Week

A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Cisco Information Disclosure Umbrella
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-1792 MEDIUM This Month

A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Umbrella
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2018-0435 CRITICAL Act Now

A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Umbrella
NVD
CVSS 3.0
9.1
EPSS
1.1%
CVE-2017-6679 MEDIUM This Month

The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in. Rated medium severity (CVSS 6.4). No vendor patch available.

Cisco Information Disclosure Umbrella
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Umbrella
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM This Month

A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Umbrella
NVD
EPSS 1% CVSS 4.1
MEDIUM PATCH This Month

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity.

Cisco Code Injection Umbrella
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Code Injection Umbrella
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Umbrella
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Umbrella
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Code Injection Umbrella
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Cisco Information Disclosure +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Umbrella
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Umbrella
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in. Rated medium severity (CVSS 6.4). No vendor patch available.

Cisco Information Disclosure Umbrella
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy