CVE-2022-20664

Severity
7.7 HIGH
EPSS
0.4%
top 40.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jun 15
Latest update Jun 16

Description

A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. This vulnerability is due to a lack of proper input sanitization while querying the external authentication server. An attac

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Exploitability: 3.1 | Impact: 4.0

Affected Packages
3 packages

🔴Vulnerability Details

2
GHSA
GHSA-33hj-36q7-m72x: A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco E
2022-06-16
CVEList
Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability
2022-06-15

📋Vendor Advisories

1
Cisco
Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability
2022-06-15