How severe is CVE-2022-20965?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2022-20965?

This is classified as CWE-648, which is a common weakness in software security.

CVE-2022-20965 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface. This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker could exploit this vulnerability by accessing features through direct requests, bypassing checks within the application. A successful exploit could allow the attacker to take privileged actions within the web-based management interface that should be otherwise restricted. {{value}} ["%7b%7bvalue%7d%7d"])}]]

Related Vulnerabilities

CVE-2024-8785

MEDIUM

CVSS:5.3(Medium)

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWAR...

CWE-6482024

CVE-2024-53007

MEDIUM

CVSS:6.4(Medium)

Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call.

CWE-6482024

CVE-2020-7927

MEDIUM

CVSS:6.5(Medium)

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions...

CWE-6482020

CVE-2023-20136

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator pr...

CWE-6482023

CVE-2024-46978

MEDIUM

CVSS:6.5(Medium)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, ...

CWE-6482024

CVE-2022-24071

MEDIUM

CVSS:4.3(Medium)

A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs.

CWE-6482022