Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability
Vulnerability Description
A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. This vulnerability is due to a lack of proper input sanitization while querying the external authentication server. An attacker could exploit this vulnerability by sending a crafted query through an external authentication web page. A successful exploit could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server. To exploit this vulnerability, an attacker would need valid operator-level (or higher) credentials.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
将系统数据暴露到未授权控制的范围
Vulnerability Title
Cisco多款产品 信息泄露漏洞
Vulnerability Description
Cisco Email Security Appliance(ESA)和Cisco Secure Email都是美国思科(Cisco)公司的产品。Cisco Email Security Appliance是一个电子邮件安全设备。Cisco Secure Email是思科安全电子邮件(前身为电子邮件安全)为您的电子邮件提供最佳保护,使其免受网络威胁。 Cisco Email Security Appliance、Secure Email 和 Web Manager 存在安全漏洞,该漏洞源于查询外部身份验证
CVSS Information
N/A
Vulnerability Type
N/A