Cisco · Cisco Secure Web Appliance · CVE-2022-20942
**Name of the Vulnerable Software and Affected Versions**
Cisco Email Security Appliance (ESA) (affected versions not specified)
Cisco Secure Email and Web Manager (affected versions not specified)
Cisco Secure Web Appliance (affected versions not specified)
**Description**
The vulnerability stems from weak enforcement of back-end authorization checks in the web-based management interface of the affected Cisco products. A remote attacker could send a specially crafted HTTP request to the interface and, because the back end does not adequately verify that the requester is authorized for the requested resource, retrieve protected information, including user credentials, from an affected device.
**Recommendations**
For Cisco Email Security Appliance (ESA), update to a version that fixes the authorization weakness.
For Cisco Secure Email and Web Manager, restrict access to the web-based management interface until a patch is available.
For Cisco Secure Web Appliance, consider disabling the vulnerable web-based management interface functionality as a temporary workaround until a fix is released.
Avoid using the web-based management interface for sensitive operations until the issue is resolved.