How severe is CVE-2022-20791?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-20791?

This is classified as CWE-36, which is a common weakness in software security.

CVE-2022-20791

MEDIUM Year: 2022

CVSS v3 Score

6.5

Medium

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-36

View all →

Vulnerability Description

A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.

CVE-2021-1617

MEDIUM

CVSS:6.5(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection atta...

CWE-362021

CVE-2021-21586

MEDIUM

CVSS:6.5(Medium)

Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files...

CWE-362021

CVE-2021-30173

MEDIUM

CVSS:6.5(Medium)

Local File Inclusion vulnerability of the omni-directional communication system allows remote authenticated attacker inject absolute path into Url parameter and access arbitrary file.

CWE-362021

CVE-2021-32506

MEDIUM

CVSS:6.5(Medium)

Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been...

CWE-362021

CVE-2021-32507

MEDIUM

CVSS:6.5(Medium)

Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has ...

CWE-362021

CVE-2023-2101

MEDIUM

CVSS:6.5(Medium)

A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUr...

CWE-362023

CVE-2022-20791

Vulnerability Description

Related Vulnerabilities

CVE-2021-1617

CVE-2021-21586

CVE-2021-30173

CVE-2021-32506

CVE-2021-32507

CVE-2023-2101