The high-severity security vulnerabilities allow elevation of privileges, leading to data theft and more. The bugs affect Cisco’s Business Process Automation application and Cisco s Web Security Appliance (WSA) A successful exploit would involve sending crafted HTTP messages to an affected system. The issue affects both the virtual and hardware-based iterations of the appliances, in Releases 11.8 and earlier, 12.0 and 12.5.1. The vulnerabilities affect Cisco BPA releases earlier than Release 3.1.
Source: https://threatpost.com/cisco-bpa-wsa-bugs-cyberattacks/167654/