2 matches found
CVE-2026-20223
Cisco Secure Workload is affected by a vulnerability in the access validation of internal REST APIs that could allow an unauthenticated, remote attacker to access site resources with Site Admin privileges. The issue arises from insufficient validation/authentication when accessing REST API endpoi...
CVE-2023-20136
CVE-2023-20136 concerns a privilege-escalation in the OpenAPI of Cisco Secure Workload. An authenticated, read-only user with valid credentials could invoke OpenAPI calls that should require Administrator privileges, enabling actions such as creating/deleting user labels due to RBAC misconfigurat...