Vulnerabilities > Cisco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-04 | CVE-2022-20772 | Injection vulnerability in Cisco products A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. | 5.3 |
| 2022-11-04 | CVE-2022-20867 | SQL Injection vulnerability in Cisco Asyncos A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. | 6.5 |
| 2022-11-04 | CVE-2022-20937 | Resource Exhaustion vulnerability in Cisco Identity Services Engine A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. | 5.3 |
| 2022-11-04 | CVE-2022-20942 | Incorrect Authorization vulnerability in Cisco Asyncos A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. | 6.5 |
| 2022-11-04 | CVE-2022-20951 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Broadworks Messaging Server 22.0 A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. | 6.5 |
| 2022-11-04 | CVE-2022-20963 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. | 5.4 |
| 2022-11-04 | CVE-2022-20969 | Cross-site Scripting vulnerability in Cisco Umbrella 003.003(000) A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. | 5.4 |
| 2022-10-26 | CVE-2022-20776 | Path Traversal vulnerability in Cisco Telepresence Collaboration Endpoint Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. | 6.7 |
| 2022-10-26 | CVE-2022-20953 | Path Traversal vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. | 5.5 |
| 2022-10-26 | CVE-2022-20959 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. | 5.4 |