CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-20647

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.1%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2022-20647

Cisco » Security Manager » Version: N/A

cpe:2.3:a:cisco:security_manager:-
Cisco » Security Manager » Version: 3.0.2

cpe:2.3:a:cisco:security_manager:3.0.2
Cisco » Security Manager » Version: 3.1

cpe:2.3:a:cisco:security_manager:3.1
Cisco » Security Manager » Version: 3.1.1

cpe:2.3:a:cisco:security_manager:3.1.1
Cisco » Security Manager » Version: 3.2

cpe:2.3:a:cisco:security_manager:3.2
Cisco » Security Manager » Version: 3.2.1

cpe:2.3:a:cisco:security_manager:3.2.1
Cisco » Security Manager » Version: 3.2.2

cpe:2.3:a:cisco:security_manager:3.2.2
Cisco » Security Manager » Version: 3.3

cpe:2.3:a:cisco:security_manager:3.3
Cisco » Security Manager » Version: 3.3.1

cpe:2.3:a:cisco:security_manager:3.3.1
Cisco » Security Manager » Version: 4.0

cpe:2.3:a:cisco:security_manager:4.0
Cisco » Security Manager » Version: 4.0.1

cpe:2.3:a:cisco:security_manager:4.0.1
Cisco » Security Manager » Version: 4.1

cpe:2.3:a:cisco:security_manager:4.1
Cisco » Security Manager » Version: 4.10

cpe:2.3:a:cisco:security_manager:4.10
Cisco » Security Manager » Version: 4.11

cpe:2.3:a:cisco:security_manager:4.11
Cisco » Security Manager » Version: 4.12

cpe:2.3:a:cisco:security_manager:4.12
Cisco » Security Manager » Version: 4.13

cpe:2.3:a:cisco:security_manager:4.13
Cisco » Security Manager » Version: 4.14

cpe:2.3:a:cisco:security_manager:4.14
Cisco » Security Manager » Version: 4.15

cpe:2.3:a:cisco:security_manager:4.15
Cisco » Security Manager » Version: 4.16

cpe:2.3:a:cisco:security_manager:4.16
Cisco » Security Manager » Version: 4.17

cpe:2.3:a:cisco:security_manager:4.17
Cisco » Security Manager » Version: 4.18

cpe:2.3:a:cisco:security_manager:4.18
Cisco » Security Manager » Version: 4.19

cpe:2.3:a:cisco:security_manager:4.19
Cisco » Security Manager » Version: 4.2

cpe:2.3:a:cisco:security_manager:4.2
Cisco » Security Manager » Version: 4.20

cpe:2.3:a:cisco:security_manager:4.20
Cisco » Security Manager » Version: 4.21

cpe:2.3:a:cisco:security_manager:4.21
Cisco » Security Manager » Version: 4.22

cpe:2.3:a:cisco:security_manager:4.22
Cisco » Security Manager » Version: 4.3

cpe:2.3:a:cisco:security_manager:4.3
Cisco » Security Manager » Version: 4.4

cpe:2.3:a:cisco:security_manager:4.4
Cisco » Security Manager » Version: 4.5

cpe:2.3:a:cisco:security_manager:4.5
Cisco » Security Manager » Version: 4.6

cpe:2.3:a:cisco:security_manager:4.6
Cisco » Security Manager » Version: 4.7(0)

cpe:2.3:a:cisco:security_manager:4.7(0)
Cisco » Security Manager » Version: 4.8

cpe:2.3:a:cisco:security_manager:4.8
Cisco » Security Manager » Version: 4.9

cpe:2.3:a:cisco:security_manager:4.9
Cisco » Security Manager » Version: 4.9(0)qa99

cpe:2.3:a:cisco:security_manager:4.9(0)qa99

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-20647

Products

Pricing

Contact Us