CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-20772

A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.1%

CVSS Severity

CVSS v3 Score 4.7

References

Products affected by CVE-2022-20772

Cisco » Email Security Appliance » Version: N/A

cpe:2.3:h:cisco:email_security_appliance:-
Cisco » Secure Email And Web Manager » Version: N/A

cpe:2.3:h:cisco:secure_email_and_web_manager:-
Cisco » Email Security Appliance Firmware » Version: 13.5.1

cpe:2.3:o:cisco:email_security_appliance_firmware:13.5.1
Cisco » Email Security Appliance Firmware » Version: 14.1

cpe:2.3:o:cisco:email_security_appliance_firmware:14.1
Cisco » Email Security Appliance Firmware » Version: 14.3

cpe:2.3:o:cisco:email_security_appliance_firmware:14.3
Cisco » Secure Email And Web Manager Firmware » Version: 14.2

cpe:2.3:o:cisco:secure_email_and_web_manager_firmware:14.2
Cisco » Secure Email And Web Manager Firmware » Version: 14.3

cpe:2.3:o:cisco:secure_email_and_web_manager_firmware:14.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-20772

Products

Pricing

Contact Us