Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-20967
HistoryJan 20, 2023 - 7:15 a.m.

CVE-2022-20967

2023-01-2007:15:11
CWE-79
[email protected]
web.nvd.nist.gov
5
cisco
identity services engine
cross-site scripting

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

29.7%

JSON

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface.

This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this vulnerability by creating entries within the application interface that contain malicious HTML or script code. A successful exploit could allow the attacker to store malicious HTML or script code within the application interface for use in further cross-site scripting attacks.

Cisco has not yet released software updates that address this vulnerability.

Affected configurations

Nvd
Node
ciscoidentity_services_engineRange<2.6.0
OR
ciscoidentity_services_engineMatch2.6.0-
OR
ciscoidentity_services_engineMatch2.6.0patch1
OR
ciscoidentity_services_engineMatch2.6.0patch10
OR
ciscoidentity_services_engineMatch2.6.0patch11
OR
ciscoidentity_services_engineMatch2.6.0patch12
OR
ciscoidentity_services_engineMatch2.6.0patch2
OR
ciscoidentity_services_engineMatch2.6.0patch3
OR
ciscoidentity_services_engineMatch2.6.0patch5
OR
ciscoidentity_services_engineMatch2.6.0patch6
OR
ciscoidentity_services_engineMatch2.6.0patch7
OR
ciscoidentity_services_engineMatch2.6.0patch8
OR
ciscoidentity_services_engineMatch2.6.0patch9
OR
ciscoidentity_services_engineMatch2.7.0-
OR
ciscoidentity_services_engineMatch2.7.0patch1
OR
ciscoidentity_services_engineMatch2.7.0patch2
OR
ciscoidentity_services_engineMatch2.7.0patch3
OR
ciscoidentity_services_engineMatch2.7.0patch4
OR
ciscoidentity_services_engineMatch2.7.0patch5
OR
ciscoidentity_services_engineMatch2.7.0patch6
OR
ciscoidentity_services_engineMatch2.7.0patch7
OR
ciscoidentity_services_engineMatch3.0.0-
OR
ciscoidentity_services_engineMatch3.0.0patch1
OR
ciscoidentity_services_engineMatch3.0.0patch2
OR
ciscoidentity_services_engineMatch3.0.0patch3
OR
ciscoidentity_services_engineMatch3.0.0patch4
OR
ciscoidentity_services_engineMatch3.0.0patch5
OR
ciscoidentity_services_engineMatch3.0.0patch6
OR
ciscoidentity_services_engineMatch3.1-
OR
ciscoidentity_services_engineMatch3.1patch1
OR
ciscoidentity_services_engineMatch3.1patch3
OR
ciscoidentity_services_engineMatch3.1patch4
OR
ciscoidentity_services_engineMatch3.2-
VendorProductVersionCPE
ciscoidentity_services_engine*cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:-:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch1:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch10:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch11:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch12:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch2:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch3:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch5:*:*:*:*:*:*
ciscoidentity_services_engine2.6.0cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch6:*:*:*:*:*:*
Rows per page:
1-10 of 331

Related

prion 1
cvelist 1
cve 1
nessus 1
cisco 1
prion
prion
Cross site scripting
2023-01-20 07:15:00
cvelist
cvelist
CVE-2022-20967
2023-01-18 17:48:19
cve
cve
CVE-2022-20967
2023-01-20 07:15:11
nessus
nessus
Cisco Identity Services Engine Vulnerabilities (cisco-sa-ise-7Q4TNYUx)
2022-12-30 00:00:00
cisco
cisco
Cisco Identity Services Engine Vulnerabilities
2022-11-16 16:00:00

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

29.7%

JSON
Related for NVD:CVE-2022-20967
prion1cvelist1cve1nessus1cisco1