https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ESA-HTTP-Inject-nvsycUmR

According to its self-reported version, Cisco Email Security Appliance is affected by a vulnerability due to a failure to sanitize input values. An unauthenticated, remote attacker can exploit this, by injecting malicious HTTP headers, in order to conduct an HTTP response splitting attack.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

According to its self-reported version, Cisco Secure Email and Web Manager (SMA) is affected by a vulnerability due to a failure to sanitize input values. An unauthenticated, remote attacker can exploit this, by injecting malicious HTTP headers, in order to conduct an HTTP response splitting attack.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

ID	Name	Product	Family	Severity
166905	Cisco Email Security Appliance HTTP Response Header Injection (cisco-sa-ESA-HTTP-Inject-nvsycUmR)	Nessus	CISCO	medium
166904	Cisco Secure Email and Web Manager (SMA) HTTP Response Header Injection (cisco-sa-ESA-HTTP-Inject-nvsycUmR)	Nessus	CISCO	medium

CVE-2022-20772

medium

Tenable Plugins

medium

medium