Vulnerabilities > Cisco > Catalyst SD WAN Manager > 20.11.1.2

DATE CVE VULNERABILITY TITLE RISK
2024-09-25 CVE-2024-20475 Cross-site Scripting vulnerability in Cisco Catalyst Sd-Wan Manager
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
cisco CWE-79
5.4
2023-09-27 CVE-2023-20252 Improper Authentication vulnerability in Cisco Catalyst Sd-Wan Manager 20.11.1.2/20.9.3.2
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs.
network
low complexity
cisco CWE-287
critical
9.8