How severe is CVE-2022-20634?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2022-20634?

This is classified as CWE-601, which is a common weakness in software security.

CVE-2022-20634

MEDIUM Year: 2022

CVSS v3 Score

4.7

Medium

Weakness Type

CWE-601

View all →

Vulnerability Description

A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect and is used in phishing attacks that get users to unknowingly visit malicious sites.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVE-2012-0518

MEDIUM

CVSS:4.7(Medium)

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Re...

CWE-6012012

CVE-2017-6932

MEDIUM

CVSS:4.7(Medium)

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. Th...

CWE-6012017

CVE-2019-15974

MEDIUM

CVSS:4.7(Medium)

A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to...

CWE-6012019

CVE-2019-8995

MEDIUM

CVSS:4.7(Medium)

The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric...

CWE-6012019

CVE-2020-15129

MEDIUM

CVSS:4.7(Medium)

In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard compon...

CWE-6012020

CVE-2020-3337

MEDIUM

CVSS:4.7(Medium)

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation o...

CWE-6012020

CVE-2022-20634

Vulnerability Description

Related Vulnerabilities

CVE-2012-0518

CVE-2017-6932

CVE-2019-15974

CVE-2019-8995

CVE-2020-15129

CVE-2020-3337