Print Page - Cisco Security Advisory - Cisco Enterprise Chat and Email Vulnerabilities

Title: Cisco Security Advisory - Cisco Enterprise Chat and Email Vulnerabilities
Post by: Netwörkheäd on March 23, 2022, 06:02:26 AM

Cisco Enterprise Chat and Email Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks, enumerate existing user accounts, and redirect a user to an undesired webpage.
For more information about these vulnerabilities, see the <a href="#details">Details</a> section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR</a>

Security Impact Rating: Medium

CVE: CVE-2022-20631,CVE-2022-20632,CVE-2022-20633,CVE-2022-20634
Source: Cisco Enterprise Chat and Email Vulnerabilities (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Enterprise%20Chat%20and%20Email%20Vulnerabilities&vs_k=1)

Networking-Forums.com

Professional Discussions => Vendor Advisories => Topic started by: Netwörkheäd on March 23, 2022, 06:02:26 AM