CVE-2022-20736 — Vulnetix

CVE-2022-20736 PUBLISHED CVSS 5.300000190734863 MEDIUM

A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability.

EPSS 0.45% · 63.8th percentile

Risk Scores

CVSS 3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.45%

63.8th percentile

Affected Products

Vendor	Product	Versions
cisco	appdynamics_controller	0
Cisco	Cisco AppDynamics	n/a

Exploit Intelligence

20220615 Cisco AppDynamics Controller Authorization Bypass Vulnerability (circl)

Timeline

Jun 15, 2022 CVE Published
Jun 16, 2022 EPSS Score
Aug 4, 2022 EPSS Score
Sep 21, 2022 EPSS Score
Nov 8, 2022 EPSS Score
Dec 26, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Apr 1, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 6, 2023 EPSS Score
Aug 23, 2023 EPSS Score
Oct 10, 2023 EPSS Score

References

20220615 Cisco AppDynamics Controller Authorization Bypass Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-20736 advisory

Open in Interactive Console →