CVE-2022-20942

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials. This vulnerability is due to weak enforcement of back-end authorization checks. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain confidential data that is stored on the affected device.

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

Severity	MEDIUM
CVSS	6.5
EPSS	0.27% EPSS medium
CWE	CWE-359
KEV
Published	3 years ago
Modified	1 year ago

Products with public affected evidence

Product	Advisory	Affected evidence
Cisco Secure Email and Web Manager	cisco-sa-cnt-sec-infodiscl-BVKKnUG	structured affected CSAF product_status
Cisco Secure Email	cisco-sa-cnt-sec-infodiscl-BVKKnUG	structured affected CSAF product_status
Cisco Secure Web Appliance	cisco-sa-cnt-sec-infodiscl-BVKKnUG	structured affected CSAF product_status