How severe is CVE-2022-20914?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2022-20914?

This is classified as CWE-549, which is a common weakness in software security.

CVE-2022-20914

MEDIUM Year: 2022

CVSS v3 Score

4.9

Medium

Weakness Type

CWE-549

View all →

Vulnerability Description

A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain sensitive information, including administrative credentials for an external authentication server. Note: To successfully exploit this vulnerability, the attacker must have valid ERS administrative credentials.

CVE-2024-10122

MEDIUM

CVSS:4.9(Medium)

A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Deta...

CWE-5492024

CVE-2022-1342

MEDIUM

CVSS:4.6(Medium)

A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed ...

CWE-5492022

CVE-2025-31727

MEDIUM

CVSS:5.5(Medium)

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Re...

CWE-5492025

CVE-2025-31728

MEDIUM

CVSS:5.5(Medium)

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier does not mask AsakusaSatellite API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CWE-5492025

CVE-2023-2062

MEDIUM

CVSS:6.2(Medium)

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know ...

CWE-5492023

CVE-2023-1763

MEDIUM

CVSS:6.5(Medium)

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive inf...

CWE-5492023

CVE-2022-20914

Vulnerability Description

Related Vulnerabilities

CVE-2024-10122

CVE-2022-1342

CVE-2025-31727

CVE-2025-31728

CVE-2023-2062

CVE-2023-1763