How severe is CVE-2022-20768?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2022-20768?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2022-20768

MEDIUM Year: 2022

CVSS v3 Score

4.9

Medium

CVSS v2 Score

3.5

Low

Weakness Type

CWE-532

View all →

Vulnerability Description

A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials.

CVE-2017-16946

MEDIUM

CVSS:4.9(Medium)

The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.

CWE-5322017

CVE-2019-0380

MEDIUM

CVSS:4.9(Medium)

Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Dis...

CWE-5322019

CVE-2019-19150

MEDIUM

CVSS:4.9(Medium)

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached t...

CWE-5322019

CVE-2019-1961

MEDIUM

CVSS:4.9(Medium)

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected dev...

CWE-5322019

CVE-2020-7021

MEDIUM

CVSS:4.9(Medium)

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive...

CWE-5322020

CVE-2021-22219

MEDIUM

CVSS:4.9(Medium)

All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtai...

CWE-5322021

CVE-2022-20768

Vulnerability Description

Related Vulnerabilities

CVE-2017-16946

CVE-2019-0380

CVE-2019-19150

CVE-2019-1961

CVE-2020-7021

CVE-2021-22219