VDB

CVE-2022-20680

CVE-2022-20680 PUBLISHED CVSS 4.300000190734863 MEDIUM

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of Administrator privilege levels for low-value sensitive data. An attacker with read-only Administrator access to the web-based management interface could exploit this vulnerability by sending a malicious HTTP request to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information about users of the system and orders that have been placed using the application.

EPSS 0.32% · 55.4th percentile

Risk Scores

CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.32%
55.4th percentile

Affected Products

VendorProductVersions
ciscoprime_service_catalog0, 12.1, 12.1
CiscoCisco Prime Service Catalogn/a

Exploit Intelligence

Timeline

  • Feb 10, 2022 CVE Published
  • Feb 11, 2022 EPSS Score
  • Apr 4, 2022 EPSS Score
  • May 27, 2022 EPSS Score
  • Jul 19, 2022 EPSS Score
  • Sep 9, 2022 EPSS Score
  • Nov 1, 2022 EPSS Score
  • Dec 23, 2022 EPSS Score
  • Feb 13, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 7, 2023 EPSS Score
  • May 29, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›