CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-20867

A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system. The attacker must have the credentials of a high-privileged user account. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.3%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2022-20867

Cisco » Secure Email And Web Manager » Version: N/A

cpe:2.3:h:cisco:secure_email_and_web_manager:-
Cisco » Secure Email Gateway » Version: N/A

cpe:2.3:h:cisco:secure_email_gateway:-
Cisco » Asyncos » Version: 12.0

cpe:2.3:o:cisco:asyncos:12.0
Cisco » Asyncos » Version: 12.0.0

cpe:2.3:o:cisco:asyncos:12.0.0
Cisco » Asyncos » Version: 12.0.1-268

cpe:2.3:o:cisco:asyncos:12.0.1-268
Cisco » Asyncos » Version: 12.0.2

cpe:2.3:o:cisco:asyncos:12.0.2
Cisco » Asyncos » Version: 12.0.3-005

cpe:2.3:o:cisco:asyncos:12.0.3-005
Cisco » Asyncos » Version: 12.0.3-007

cpe:2.3:o:cisco:asyncos:12.0.3-007
Cisco » Asyncos » Version: 12.0.5-011

cpe:2.3:o:cisco:asyncos:12.0.5-011
Cisco » Asyncos » Version: 12.1

cpe:2.3:o:cisco:asyncos:12.1
Cisco » Asyncos » Version: 12.1.0-085

cpe:2.3:o:cisco:asyncos:12.1.0-085
Cisco » Asyncos » Version: 12.5

cpe:2.3:o:cisco:asyncos:12.5
Cisco » Asyncos » Version: 12.5.0

cpe:2.3:o:cisco:asyncos:12.5.0
Cisco » Asyncos » Version: 12.5.0-059

cpe:2.3:o:cisco:asyncos:12.5.0-059
Cisco » Asyncos » Version: 12.5.0-633

cpe:2.3:o:cisco:asyncos:12.5.0-633
Cisco » Asyncos » Version: 12.5.1-011

cpe:2.3:o:cisco:asyncos:12.5.1-011
Cisco » Asyncos » Version: 12.5.2-007

cpe:2.3:o:cisco:asyncos:12.5.2-007
Cisco » Asyncos » Version: 12.5.4-005

cpe:2.3:o:cisco:asyncos:12.5.4-005
Cisco » Asyncos » Version: 12.5.5

cpe:2.3:o:cisco:asyncos:12.5.5
Cisco » Asyncos » Version: 12.5.5-004

cpe:2.3:o:cisco:asyncos:12.5.5-004
Cisco » Asyncos » Version: 12.7

cpe:2.3:o:cisco:asyncos:12.7
Cisco » Asyncos » Version: 13.0

cpe:2.3:o:cisco:asyncos:13.0
Cisco » Asyncos » Version: 13.0.0

cpe:2.3:o:cisco:asyncos:13.0.0
Cisco » Asyncos » Version: 13.0.4

cpe:2.3:o:cisco:asyncos:13.0.4
Cisco » Asyncos » Version: 13.5.0

cpe:2.3:o:cisco:asyncos:13.5.0
Cisco » Asyncos » Version: 13.5.1

cpe:2.3:o:cisco:asyncos:13.5.1
Cisco » Asyncos » Version: 13.5.1-277

cpe:2.3:o:cisco:asyncos:13.5.1-277
Cisco » Asyncos » Version: 13.5.2

cpe:2.3:o:cisco:asyncos:13.5.2
Cisco » Asyncos » Version: 13.5.3-010

cpe:2.3:o:cisco:asyncos:13.5.3-010
Cisco » Asyncos » Version: 13.6

cpe:2.3:o:cisco:asyncos:13.6
Cisco » Asyncos » Version: 13.6.1

cpe:2.3:o:cisco:asyncos:13.6.1
Cisco » Asyncos » Version: 13.6.1-193

cpe:2.3:o:cisco:asyncos:13.6.1-193
Cisco » Asyncos » Version: 13.7.0-093

cpe:2.3:o:cisco:asyncos:13.7.0-093
Cisco » Asyncos » Version: 14.0

cpe:2.3:o:cisco:asyncos:14.0
Cisco » Asyncos » Version: 14.0.1

cpe:2.3:o:cisco:asyncos:14.0.1
Cisco » Asyncos » Version: 14.0.1-014

cpe:2.3:o:cisco:asyncos:14.0.1-014
Cisco » Asyncos » Version: 14.0.2-012

cpe:2.3:o:cisco:asyncos:14.0.2-012
Cisco » Asyncos » Version: 14.0.3-014

cpe:2.3:o:cisco:asyncos:14.0.3-014
Cisco » Asyncos » Version: 14.0.4

cpe:2.3:o:cisco:asyncos:14.0.4
Cisco » Asyncos » Version: 14.0.4-005

cpe:2.3:o:cisco:asyncos:14.0.4-005
Cisco » Asyncos » Version: 14.1

cpe:2.3:o:cisco:asyncos:14.1
Cisco » Asyncos » Version: 14.2.0

cpe:2.3:o:cisco:asyncos:14.2.0
Cisco » Asyncos » Version: 14.2.0-217

cpe:2.3:o:cisco:asyncos:14.2.0-217

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-20867

Products

Pricing

Contact Us