CVE-2022-20680
Cisco Prime Service Catalog Information Disclosure Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of Administrator privilege levels for low-value sensitive data. An attacker with read-only Administrator access to the web-based management interface could exploit this vulnerability by sending a malicious HTTP request to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information about users of the system and orders that have been placed using the application.
SSVC
- Decision: Track
Timeline
- 2021-11-02 CVE Reserved
- 2022-02-10 CVE Published
- 2024-04-26 EPSS Updated
- 2024-11-06 CVE Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Cisco | Prime Service Catalog | <= 12.0 | - | Affected
Cisco | Prime Service Catalog | 12.1 | - | Affected
Cisco | Prime Service Catalog | 12.1 | patch10 | Affected
Cisco | Prime Service Catalog | 12.1 | patch11 | Affected
Cisco | Prime Service Catalog | 12.1 | patch12 | Affected
Cisco | Prime Service Catalog | 12.1 | patch13 | Affected
Cisco | Prime Service Catalog | 12.1 | patch14 | Affected
Cisco | Prime Service Catalog | 12.1 | patch15 | Affected
Cisco | Prime Service Catalog | 12.1 | patch16 | Affected
Cisco | Prime Service Catalog | 12.1 | patch17 | Affected
Cisco | Prime Service Catalog | 12.1 | patch2 | Affected
Cisco | Prime Service Catalog | 12.1 | patch3 | Affected
Cisco | Prime Service Catalog | 12.1 | patch4 | Affected
Cisco | Prime Service Catalog | 12.1 | patch6 | Affected
Cisco | Prime Service Catalog | 12.1 | patch7 | Affected
Cisco | Prime Service Catalog | 12.1 | patch8 | Affected
Cisco | Prime Service Catalog | 12.1 | patch9 | Affected