2023-06-28 16:00:32 +00:00
{
"id" : "CVE-2023-20119" ,
"sourceIdentifier" : "ykramarz@cisco.com" ,
"published" : "2023-06-28T15:15:09.700" ,
2024-01-25 19:00:44 +00:00
"lastModified" : "2024-01-25T17:15:31.220" ,
2023-07-12 20:00:38 +00:00
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-06-28 16:00:32 +00:00
"descriptions" : [
{
"lang" : "en" ,
2023-07-12 20:00:38 +00:00
"value" : "A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
2023-06-28 16:00:32 +00:00
}
] ,
"metrics" : {
2023-07-07 14:00:30 +00:00
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 6.1 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 2.7
2023-07-12 20:00:38 +00:00
} ,
2023-06-28 16:00:32 +00:00
{
"source" : "ykramarz@cisco.com" ,
"type" : "Secondary" ,
"cvssData" : {
2023-07-12 20:00:38 +00:00
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" ,
2023-06-28 16:00:32 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
2023-07-12 20:00:38 +00:00
"privilegesRequired" : "NONE" ,
2023-06-28 16:00:32 +00:00
"userInteraction" : "REQUIRED" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "NONE" ,
2023-07-12 20:00:38 +00:00
"baseScore" : 6.1 ,
2023-06-28 16:00:32 +00:00
"baseSeverity" : "MEDIUM"
} ,
2023-07-12 20:00:38 +00:00
"exploitabilityScore" : 2.8 ,
2023-06-28 16:00:32 +00:00
"impactScore" : 2.7
}
]
} ,
"weaknesses" : [
2023-07-07 14:00:30 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-79"
}
]
2024-01-25 19:00:44 +00:00
} ,
{
"source" : "ykramarz@cisco.com" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-79"
}
]
2023-06-28 16:00:32 +00:00
}
] ,
2023-07-07 14:00:30 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.0-418:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "91A23056-1521-4982-8F4D-BCDB6F9E98EE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-033:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D9897B99-0295-4D4D-8EE7-88FB5BC97123"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-053:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "286B37A2-A7B1-44D9-A2BD-56F9C26195A7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-050:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3774F588-98E5-4197-B858-FF83B5838265"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:secure_email_and_web_manager:15.0.0-256:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "99A048C2-7352-4ED5-990F-95467AAB022C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:secure_email_gateway:14.0.0-418:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "02212FE3-CEE6-4609-B9AE-CD228F4ADFFC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:secure_email_gateway:14.0.1-033:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B0DB52EF-1542-4665-AC44-F1E3B074B615"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:secure_email_gateway:14.0.1-053:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "615DD221-9200-41D1-9DAF-CC8BEB67342C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:secure_email_gateway:15.0.0-050:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4AEA665F-86B3-4AA6-9E99-6F935264222A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:secure_email_gateway:15.0.0-256:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "988AAD9A-B4FD-42C5-B222-53A4E69CE87E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:web_security_appliance:14.0.0-418:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5A694B4F-D454-405B-B620-A899543DA2E8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:web_security_appliance:14.0.1-033:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CB812B1F-3E7E-4AD6-9AA3-241B957A0047"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:web_security_appliance:14.0.1-053:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BDE6AB7B-561D-4D50-907B-605CD0649A98"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:web_security_appliance:15.0.0-050:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B71B523B-95F6-463F-B96B-9C301B6FFA9B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:web_security_appliance:15.0.0-256:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1DFDA027-9BED-4DB5-804D-A192FF8138CF"
}
]
}
]
}
] ,
2023-06-28 16:00:32 +00:00
"references" : [
{
"url" : "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq" ,
2023-07-07 14:00:30 +00:00
"source" : "ykramarz@cisco.com" ,
"tags" : [
"Vendor Advisory"
]
2023-06-28 16:00:32 +00:00
}
]
}
