Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for ironport_encryption_appliance by cisco

    CVE-2012-0340 (GCVE-0-2012-0340)

    Vulnerability from nvd – Published: 2012-02-13 22:00 – Updated: 2024-08-06 18:23
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:23:30.536Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.secureworks.com/research/advisories/SWRX-2012-001/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=25045"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-02-17T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.secureworks.com/research/advisories/SWRX-2012-001/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=25045"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2012-0340",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.secureworks.com/research/advisories/SWRX-2012-001/",
                  "refsource": "MISC",
                  "url": "http://www.secureworks.com/research/advisories/SWRX-2012-001/"
                },
                {
                  "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=25045",
                  "refsource": "CONFIRM",
                  "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=25045"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2012-0340",
        "datePublished": "2012-02-13T22:00:00.000Z",
        "dateReserved": "2012-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:23:30.536Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0145 (GCVE-0-2010-0145)

    Vulnerability from nvd – Published: 2010-02-11 17:00 – Updated: 2024-08-07 00:37
    VLAI
    Summary
    Unspecified vulnerability in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to execute arbitrary code via unknown vectors, aka IronPort Bug 65923.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.cisco.com/en/US/products/products_appl… x_refsource_CONFIRM
    http://secunia.com/advisories/38525 third-party-advisoryx_refsource_SECUNIA
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    Date Public
    2010-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:37:53.888Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
              },
              {
                "name": "38525",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38525"
              },
              {
                "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to execute arbitrary code via unknown vectors, aka IronPort Bug 65923."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-02-26T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
            },
            {
              "name": "38525",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38525"
            },
            {
              "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2010-0145",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to execute arbitrary code via unknown vectors, aka IronPort Bug 65923."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
                },
                {
                  "name": "38525",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38525"
                },
                {
                  "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2010-0145",
        "datePublished": "2010-02-11T17:00:00.000Z",
        "dateReserved": "2010-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:37:53.888Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0144 (GCVE-0-2010-0144)

    Vulnerability from nvd – Published: 2010-02-11 17:00 – Updated: 2024-08-07 00:37
    VLAI
    Summary
    Unspecified vulnerability in the WebSafe DistributorServlet in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65922.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.cisco.com/en/US/products/products_appl… x_refsource_CONFIRM
    http://secunia.com/advisories/38525 third-party-advisoryx_refsource_SECUNIA
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    Date Public
    2010-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:37:53.839Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
              },
              {
                "name": "38525",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38525"
              },
              {
                "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the WebSafe DistributorServlet in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65922."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-02-26T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
            },
            {
              "name": "38525",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38525"
            },
            {
              "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2010-0144",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the WebSafe DistributorServlet in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65922."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
                },
                {
                  "name": "38525",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38525"
                },
                {
                  "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2010-0144",
        "datePublished": "2010-02-11T17:00:00.000Z",
        "dateReserved": "2010-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:37:53.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0143 (GCVE-0-2010-0143)

    Vulnerability from nvd – Published: 2010-02-11 17:00 – Updated: 2024-08-07 00:37
    VLAI
    Summary
    Unspecified vulnerability in the administrative interface in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65921.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.cisco.com/en/US/products/products_appl… x_refsource_CONFIRM
    http://secunia.com/advisories/38525 third-party-advisoryx_refsource_SECUNIA
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    Date Public
    2010-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:37:53.883Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
              },
              {
                "name": "38525",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38525"
              },
              {
                "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the administrative interface in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65921."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-02-26T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
            },
            {
              "name": "38525",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38525"
            },
            {
              "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2010-0143",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the administrative interface in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65921."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
                },
                {
                  "name": "38525",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38525"
                },
                {
                  "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2010-0143",
        "datePublished": "2010-02-11T17:00:00.000Z",
        "dateReserved": "2010-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:37:53.883Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0056 (GCVE-0-2009-0056)

    Vulnerability from nvd – Published: 2009-01-16 21:00 – Updated: 2024-08-07 04:17
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/33268 vdb-entryx_refsource_BID
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://osvdb.org/51398 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2009/0140 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/33479 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1021594 vdb-entryx_refsource_SECTRACK
    Date Public
    2009-01-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:17:10.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "33268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33268"
              },
              {
                "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
              },
              {
                "name": "51398",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/51398"
              },
              {
                "name": "ADV-2009-0140",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0140"
              },
              {
                "name": "33479",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33479"
              },
              {
                "name": "1021594",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1021594"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-01-27T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "33268",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33268"
            },
            {
              "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
            },
            {
              "name": "51398",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/51398"
            },
            {
              "name": "ADV-2009-0140",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0140"
            },
            {
              "name": "33479",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33479"
            },
            {
              "name": "1021594",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1021594"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2009-0056",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "33268",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33268"
                },
                {
                  "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
                },
                {
                  "name": "51398",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/51398"
                },
                {
                  "name": "ADV-2009-0140",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0140"
                },
                {
                  "name": "33479",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33479"
                },
                {
                  "name": "1021594",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1021594"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2009-0056",
        "datePublished": "2009-01-16T21:00:00.000Z",
        "dateReserved": "2009-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:17:10.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0055 (GCVE-0-2009-0055)

    Vulnerability from nvd – Published: 2009-01-16 21:00 – Updated: 2024-08-07 04:17
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/33268 vdb-entryx_refsource_BID
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://osvdb.org/51397 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2009/0140 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/33479 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1021594 vdb-entryx_refsource_SECTRACK
    Date Public
    2009-01-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:17:10.437Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "33268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33268"
              },
              {
                "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
              },
              {
                "name": "51397",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/51397"
              },
              {
                "name": "ADV-2009-0140",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0140"
              },
              {
                "name": "33479",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33479"
              },
              {
                "name": "1021594",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1021594"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-01-27T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "33268",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33268"
            },
            {
              "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
            },
            {
              "name": "51397",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/51397"
            },
            {
              "name": "ADV-2009-0140",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0140"
            },
            {
              "name": "33479",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33479"
            },
            {
              "name": "1021594",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1021594"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2009-0055",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "33268",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33268"
                },
                {
                  "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
                },
                {
                  "name": "51397",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/51397"
                },
                {
                  "name": "ADV-2009-0140",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0140"
                },
                {
                  "name": "33479",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33479"
                },
                {
                  "name": "1021594",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1021594"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2009-0055",
        "datePublished": "2009-01-16T21:00:00.000Z",
        "dateReserved": "2009-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:17:10.437Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0054 (GCVE-0-2009-0054)

    Vulnerability from nvd – Published: 2009-01-16 21:00 – Updated: 2024-08-07 04:17
    VLAI
    Summary
    PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/33268 vdb-entryx_refsource_BID
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://osvdb.org/51396 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2009/0140 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/33479 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1021593 vdb-entryx_refsource_SECTRACK
    Date Public
    2009-01-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:17:10.520Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "33268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33268"
              },
              {
                "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
              },
              {
                "name": "51396",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/51396"
              },
              {
                "name": "ADV-2009-0140",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0140"
              },
              {
                "name": "33479",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33479"
              },
              {
                "name": "1021593",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1021593"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-01-27T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "33268",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33268"
            },
            {
              "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
            },
            {
              "name": "51396",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/51396"
            },
            {
              "name": "ADV-2009-0140",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0140"
            },
            {
              "name": "33479",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33479"
            },
            {
              "name": "1021593",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1021593"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2009-0054",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "33268",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33268"
                },
                {
                  "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
                },
                {
                  "name": "51396",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/51396"
                },
                {
                  "name": "ADV-2009-0140",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0140"
                },
                {
                  "name": "33479",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33479"
                },
                {
                  "name": "1021593",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1021593"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2009-0054",
        "datePublished": "2009-01-16T21:00:00.000Z",
        "dateReserved": "2009-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:17:10.520Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0053 (GCVE-0-2009-0053)

    Vulnerability from nvd – Published: 2009-01-16 21:00 – Updated: 2024-08-07 04:17
    VLAI
    Summary
    PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/33268 vdb-entryx_refsource_BID
    http://osvdb.org/51395 vdb-entryx_refsource_OSVDB
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://www.vupen.com/english/advisories/2009/0140 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/33479 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1021593 vdb-entryx_refsource_SECTRACK
    Date Public
    2009-01-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:17:10.421Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "33268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33268"
              },
              {
                "name": "51395",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/51395"
              },
              {
                "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
              },
              {
                "name": "ADV-2009-0140",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0140"
              },
              {
                "name": "33479",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33479"
              },
              {
                "name": "1021593",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1021593"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a \"logic error.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-01-27T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "33268",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33268"
            },
            {
              "name": "51395",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/51395"
            },
            {
              "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
            },
            {
              "name": "ADV-2009-0140",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0140"
            },
            {
              "name": "33479",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33479"
            },
            {
              "name": "1021593",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1021593"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2009-0053",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a \"logic error.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "33268",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33268"
                },
                {
                  "name": "51395",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/51395"
                },
                {
                  "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
                },
                {
                  "name": "ADV-2009-0140",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0140"
                },
                {
                  "name": "33479",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33479"
                },
                {
                  "name": "1021593",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1021593"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2009-0053",
        "datePublished": "2009-01-16T21:00:00.000Z",
        "dateReserved": "2009-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:17:10.421Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0340 (GCVE-0-2012-0340)

    Vulnerability from cvelistv5 – Published: 2012-02-13 22:00 – Updated: 2024-08-06 18:23
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:23:30.536Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.secureworks.com/research/advisories/SWRX-2012-001/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=25045"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-02-17T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.secureworks.com/research/advisories/SWRX-2012-001/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=25045"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2012-0340",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.secureworks.com/research/advisories/SWRX-2012-001/",
                  "refsource": "MISC",
                  "url": "http://www.secureworks.com/research/advisories/SWRX-2012-001/"
                },
                {
                  "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=25045",
                  "refsource": "CONFIRM",
                  "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=25045"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2012-0340",
        "datePublished": "2012-02-13T22:00:00.000Z",
        "dateReserved": "2012-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:23:30.536Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0144 (GCVE-0-2010-0144)

    Vulnerability from cvelistv5 – Published: 2010-02-11 17:00 – Updated: 2024-08-07 00:37
    VLAI
    Summary
    Unspecified vulnerability in the WebSafe DistributorServlet in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65922.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.cisco.com/en/US/products/products_appl… x_refsource_CONFIRM
    http://secunia.com/advisories/38525 third-party-advisoryx_refsource_SECUNIA
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    Date Public
    2010-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:37:53.839Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
              },
              {
                "name": "38525",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38525"
              },
              {
                "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the WebSafe DistributorServlet in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65922."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-02-26T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
            },
            {
              "name": "38525",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38525"
            },
            {
              "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2010-0144",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the WebSafe DistributorServlet in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65922."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
                },
                {
                  "name": "38525",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38525"
                },
                {
                  "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2010-0144",
        "datePublished": "2010-02-11T17:00:00.000Z",
        "dateReserved": "2010-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:37:53.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0145 (GCVE-0-2010-0145)

    Vulnerability from cvelistv5 – Published: 2010-02-11 17:00 – Updated: 2024-08-07 00:37
    VLAI
    Summary
    Unspecified vulnerability in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to execute arbitrary code via unknown vectors, aka IronPort Bug 65923.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.cisco.com/en/US/products/products_appl… x_refsource_CONFIRM
    http://secunia.com/advisories/38525 third-party-advisoryx_refsource_SECUNIA
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    Date Public
    2010-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:37:53.888Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
              },
              {
                "name": "38525",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38525"
              },
              {
                "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to execute arbitrary code via unknown vectors, aka IronPort Bug 65923."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-02-26T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
            },
            {
              "name": "38525",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38525"
            },
            {
              "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2010-0145",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to execute arbitrary code via unknown vectors, aka IronPort Bug 65923."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
                },
                {
                  "name": "38525",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38525"
                },
                {
                  "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2010-0145",
        "datePublished": "2010-02-11T17:00:00.000Z",
        "dateReserved": "2010-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:37:53.888Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0143 (GCVE-0-2010-0143)

    Vulnerability from cvelistv5 – Published: 2010-02-11 17:00 – Updated: 2024-08-07 00:37
    VLAI
    Summary
    Unspecified vulnerability in the administrative interface in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65921.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.cisco.com/en/US/products/products_appl… x_refsource_CONFIRM
    http://secunia.com/advisories/38525 third-party-advisoryx_refsource_SECUNIA
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    Date Public
    2010-02-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:37:53.883Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
              },
              {
                "name": "38525",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38525"
              },
              {
                "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the administrative interface in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65921."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-02-26T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
            },
            {
              "name": "38525",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38525"
            },
            {
              "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2010-0143",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the administrative interface in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65921."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b17904.html"
                },
                {
                  "name": "38525",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38525"
                },
                {
                  "name": "20100210 Multiple Vulnerabilities in Cisco IronPort Encryption Appliance",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b17903.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2010-0143",
        "datePublished": "2010-02-11T17:00:00.000Z",
        "dateReserved": "2010-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:37:53.883Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0055 (GCVE-0-2009-0055)

    Vulnerability from cvelistv5 – Published: 2009-01-16 21:00 – Updated: 2024-08-07 04:17
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/33268 vdb-entryx_refsource_BID
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://osvdb.org/51397 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2009/0140 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/33479 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1021594 vdb-entryx_refsource_SECTRACK
    Date Public
    2009-01-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:17:10.437Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "33268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33268"
              },
              {
                "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
              },
              {
                "name": "51397",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/51397"
              },
              {
                "name": "ADV-2009-0140",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0140"
              },
              {
                "name": "33479",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33479"
              },
              {
                "name": "1021594",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1021594"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-01-27T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "33268",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33268"
            },
            {
              "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
            },
            {
              "name": "51397",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/51397"
            },
            {
              "name": "ADV-2009-0140",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0140"
            },
            {
              "name": "33479",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33479"
            },
            {
              "name": "1021594",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1021594"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2009-0055",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to modify appliance preferences as arbitrary users via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "33268",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33268"
                },
                {
                  "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
                },
                {
                  "name": "51397",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/51397"
                },
                {
                  "name": "ADV-2009-0140",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0140"
                },
                {
                  "name": "33479",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33479"
                },
                {
                  "name": "1021594",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1021594"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2009-0055",
        "datePublished": "2009-01-16T21:00:00.000Z",
        "dateReserved": "2009-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:17:10.437Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0054 (GCVE-0-2009-0054)

    Vulnerability from cvelistv5 – Published: 2009-01-16 21:00 – Updated: 2024-08-07 04:17
    VLAI
    Summary
    PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/33268 vdb-entryx_refsource_BID
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://osvdb.org/51396 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2009/0140 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/33479 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1021593 vdb-entryx_refsource_SECTRACK
    Date Public
    2009-01-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:17:10.520Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "33268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33268"
              },
              {
                "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
              },
              {
                "name": "51396",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/51396"
              },
              {
                "name": "ADV-2009-0140",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0140"
              },
              {
                "name": "33479",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33479"
              },
              {
                "name": "1021593",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1021593"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-01-27T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "33268",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33268"
            },
            {
              "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
            },
            {
              "name": "51396",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/51396"
            },
            {
              "name": "ADV-2009-0140",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0140"
            },
            {
              "name": "33479",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33479"
            },
            {
              "name": "1021593",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1021593"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2009-0054",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to capture credentials by tricking a user into reading a modified or crafted e-mail message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "33268",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33268"
                },
                {
                  "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
                },
                {
                  "name": "51396",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/51396"
                },
                {
                  "name": "ADV-2009-0140",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0140"
                },
                {
                  "name": "33479",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33479"
                },
                {
                  "name": "1021593",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1021593"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2009-0054",
        "datePublished": "2009-01-16T21:00:00.000Z",
        "dateReserved": "2009-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:17:10.520Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0056 (GCVE-0-2009-0056)

    Vulnerability from cvelistv5 – Published: 2009-01-16 21:00 – Updated: 2024-08-07 04:17
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/33268 vdb-entryx_refsource_BID
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://osvdb.org/51398 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2009/0140 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/33479 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1021594 vdb-entryx_refsource_SECTRACK
    Date Public
    2009-01-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:17:10.515Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "33268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33268"
              },
              {
                "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
              },
              {
                "name": "51398",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/51398"
              },
              {
                "name": "ADV-2009-0140",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0140"
              },
              {
                "name": "33479",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33479"
              },
              {
                "name": "1021594",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1021594"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-01-27T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "33268",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33268"
            },
            {
              "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
            },
            {
              "name": "51398",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/51398"
            },
            {
              "name": "ADV-2009-0140",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0140"
            },
            {
              "name": "33479",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33479"
            },
            {
              "name": "1021594",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1021594"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2009-0056",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to execute commands and modify appliance preferences as arbitrary users via a logout action."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "33268",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33268"
                },
                {
                  "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
                },
                {
                  "name": "51398",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/51398"
                },
                {
                  "name": "ADV-2009-0140",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0140"
                },
                {
                  "name": "33479",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33479"
                },
                {
                  "name": "1021594",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1021594"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2009-0056",
        "datePublished": "2009-01-16T21:00:00.000Z",
        "dateReserved": "2009-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:17:10.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0053 (GCVE-0-2009-0053)

    Vulnerability from cvelistv5 – Published: 2009-01-16 21:00 – Updated: 2024-08-07 04:17
    VLAI
    Summary
    PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/33268 vdb-entryx_refsource_BID
    http://osvdb.org/51395 vdb-entryx_refsource_OSVDB
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://www.vupen.com/english/advisories/2009/0140 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/33479 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1021593 vdb-entryx_refsource_SECTRACK
    Date Public
    2009-01-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:17:10.421Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "33268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33268"
              },
              {
                "name": "51395",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/51395"
              },
              {
                "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
              },
              {
                "name": "ADV-2009-0140",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/0140"
              },
              {
                "name": "33479",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33479"
              },
              {
                "name": "1021593",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1021593"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-01-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a \"logic error.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-01-27T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "33268",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33268"
            },
            {
              "name": "51395",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/51395"
            },
            {
              "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
            },
            {
              "name": "ADV-2009-0140",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0140"
            },
            {
              "name": "33479",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33479"
            },
            {
              "name": "1021593",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1021593"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2009-0053",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a \"logic error.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "33268",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33268"
                },
                {
                  "name": "51395",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/51395"
                },
                {
                  "name": "20090114 IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a5c4f7.shtml"
                },
                {
                  "name": "ADV-2009-0140",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/0140"
                },
                {
                  "name": "33479",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33479"
                },
                {
                  "name": "1021593",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1021593"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2009-0053",
        "datePublished": "2009-01-16T21:00:00.000Z",
        "dateReserved": "2009-01-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:17:10.421Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }