SQL Injection in Cisco Secure Email
CVE-2022-20867
A vulnerability in web-based management interface of the of Cisco Email Security Appliance and Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct SQL injection attacks as root on an affected system…
Vulnerability class: SQL Injection
EPSS: 0.001 (31.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.
Affected products
- Cisco Secure Email — versions 13.0.0-392, 13.5.1-277, 12.5.0-066
- Cisco Secure Email And Web Manager — versions 12.0.1-011, 12.5.0-636, 12.5.0-658
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2022-20867?
- CVE-2022-20867 is a medium-severity vulnerability in Cisco Secure Email, classified under SQL Injection. CVSS score: 5.4/10. Published 2022-11-03.
- How severe is CVE-2022-20867?
- Medium severity. CVSS v3 base score is 5.4 out of 10.