Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for Cisco AppDynamics by Cisco

    CVE-2024-20394 (GCVE-0-2024-20394)

    Vulnerability from nvd – Published: 2024-05-15 17:21 – Updated: 2024-08-09 18:33
    VLAI
    Summary
    A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.833Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-appd-netvisdos-9zNbsJtK",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-netvisdos-9zNbsJtK"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20394",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T18:33:17.627981Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-09T18:33:27.091Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco AppDynamics",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-15T17:21:46.986Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-appd-netvisdos-9zNbsJtK",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-netvisdos-9zNbsJtK"
            }
          ],
          "source": {
            "advisory": "cisco-sa-appd-netvisdos-9zNbsJtK",
            "defects": [
              "CSCwh65251"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20394",
        "datePublished": "2024-05-15T17:21:46.986Z",
        "dateReserved": "2023-11-08T15:08:07.659Z",
        "dateUpdated": "2024-08-09T18:33:27.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20346 (GCVE-0-2024-20346)

    Vulnerability from nvd – Published: 2024-03-06 16:33 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco AppDynamics Affected: 21.2.0
    Affected: 21.2.1
    Affected: 21.2.2
    Affected: 21.2.3
    Affected: 21.2.6
    Affected: 21.2.7
    Affected: 21.2.8
    Affected: 21.4.0
    Affected: 21.4.10
    Affected: 21.4.11
    Affected: 21.4.2
    Affected: 21.4.3
    Affected: 21.4.4
    Affected: 21.4.5
    Affected: 21.4.6
    Affected: 21.4.7
    Affected: 21.4.8
    Affected: 21.4.9
    Affected: 21.11.0
    Affected: 21.5.0
    Affected: 21.6.0
    Affected: 21.12.0
    Affected: 21.12.2
    Affected: 21.12.1
    Affected: 22.1.0
    Affected: 22.1.1
    Affected: 22.11.0
    Affected: 22.3.0
    Affected: 22.10.0
    Affected: 22.12.0
    Affected: 22.12.1
    Affected: 21.7.0
    Affected: 22.8.0
    Affected: 23.2.0
    Affected: 23.4.0
    Affected: 23.7.1
    Affected: 23.7.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20346",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-07T20:08:10.898145Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:21.029Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:41.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-appd-xss-3JwqSMNT",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-xss-3JwqSMNT"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco AppDynamics",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "21.2.0"
                },
                {
                  "status": "affected",
                  "version": "21.2.1"
                },
                {
                  "status": "affected",
                  "version": "21.2.2"
                },
                {
                  "status": "affected",
                  "version": "21.2.3"
                },
                {
                  "status": "affected",
                  "version": "21.2.6"
                },
                {
                  "status": "affected",
                  "version": "21.2.7"
                },
                {
                  "status": "affected",
                  "version": "21.2.8"
                },
                {
                  "status": "affected",
                  "version": "21.4.0"
                },
                {
                  "status": "affected",
                  "version": "21.4.10"
                },
                {
                  "status": "affected",
                  "version": "21.4.11"
                },
                {
                  "status": "affected",
                  "version": "21.4.2"
                },
                {
                  "status": "affected",
                  "version": "21.4.3"
                },
                {
                  "status": "affected",
                  "version": "21.4.4"
                },
                {
                  "status": "affected",
                  "version": "21.4.5"
                },
                {
                  "status": "affected",
                  "version": "21.4.6"
                },
                {
                  "status": "affected",
                  "version": "21.4.7"
                },
                {
                  "status": "affected",
                  "version": "21.4.8"
                },
                {
                  "status": "affected",
                  "version": "21.4.9"
                },
                {
                  "status": "affected",
                  "version": "21.11.0"
                },
                {
                  "status": "affected",
                  "version": "21.5.0"
                },
                {
                  "status": "affected",
                  "version": "21.6.0"
                },
                {
                  "status": "affected",
                  "version": "21.12.0"
                },
                {
                  "status": "affected",
                  "version": "21.12.2"
                },
                {
                  "status": "affected",
                  "version": "21.12.1"
                },
                {
                  "status": "affected",
                  "version": "22.1.0"
                },
                {
                  "status": "affected",
                  "version": "22.1.1"
                },
                {
                  "status": "affected",
                  "version": "22.11.0"
                },
                {
                  "status": "affected",
                  "version": "22.3.0"
                },
                {
                  "status": "affected",
                  "version": "22.10.0"
                },
                {
                  "status": "affected",
                  "version": "22.12.0"
                },
                {
                  "status": "affected",
                  "version": "22.12.1"
                },
                {
                  "status": "affected",
                  "version": "21.7.0"
                },
                {
                  "status": "affected",
                  "version": "22.8.0"
                },
                {
                  "status": "affected",
                  "version": "23.2.0"
                },
                {
                  "status": "affected",
                  "version": "23.4.0"
                },
                {
                  "status": "affected",
                  "version": "23.7.1"
                },
                {
                  "status": "affected",
                  "version": "23.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-06T16:33:26.815Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-appd-xss-3JwqSMNT",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-xss-3JwqSMNT"
            }
          ],
          "source": {
            "advisory": "cisco-sa-appd-xss-3JwqSMNT",
            "defects": [
              "CSCwh29203"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20346",
        "datePublished": "2024-03-06T16:33:26.815Z",
        "dateReserved": "2023-11-08T15:08:07.643Z",
        "dateUpdated": "2024-08-01T21:59:41.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20345 (GCVE-0-2024-20345)

    Vulnerability from nvd – Published: 2024-03-06 16:33 – Updated: 2025-08-26 20:08
    VLAI
    Summary
    A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco AppDynamics Affected: 21.2.0
    Affected: 21.2.1
    Affected: 21.2.2
    Affected: 21.2.3
    Affected: 21.2.6
    Affected: 21.2.7
    Affected: 21.2.8
    Affected: 21.4.0
    Affected: 21.4.10
    Affected: 21.4.11
    Affected: 21.4.2
    Affected: 21.4.3
    Affected: 21.4.4
    Affected: 21.4.5
    Affected: 21.4.6
    Affected: 21.4.7
    Affected: 21.4.8
    Affected: 21.4.9
    Affected: 21.11.0
    Affected: 21.5.0
    Affected: 21.6.0
    Affected: 21.12.0
    Affected: 21.12.2
    Affected: 21.12.1
    Affected: 22.1.0
    Affected: 22.1.1
    Affected: 22.11.0
    Affected: 22.3.0
    Affected: 22.10.0
    Affected: 22.12.0
    Affected: 22.12.1
    Affected: 21.7.0
    Affected: 22.8.0
    Affected: 23.2.0
    Affected: 23.4.0
    Affected: 23.7.1
    Affected: 23.7.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20345",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-07T16:48:25.947850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-26T20:08:10.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:41.830Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-appd-traversal-m7N8mZpF",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco AppDynamics",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "21.2.0"
                },
                {
                  "status": "affected",
                  "version": "21.2.1"
                },
                {
                  "status": "affected",
                  "version": "21.2.2"
                },
                {
                  "status": "affected",
                  "version": "21.2.3"
                },
                {
                  "status": "affected",
                  "version": "21.2.6"
                },
                {
                  "status": "affected",
                  "version": "21.2.7"
                },
                {
                  "status": "affected",
                  "version": "21.2.8"
                },
                {
                  "status": "affected",
                  "version": "21.4.0"
                },
                {
                  "status": "affected",
                  "version": "21.4.10"
                },
                {
                  "status": "affected",
                  "version": "21.4.11"
                },
                {
                  "status": "affected",
                  "version": "21.4.2"
                },
                {
                  "status": "affected",
                  "version": "21.4.3"
                },
                {
                  "status": "affected",
                  "version": "21.4.4"
                },
                {
                  "status": "affected",
                  "version": "21.4.5"
                },
                {
                  "status": "affected",
                  "version": "21.4.6"
                },
                {
                  "status": "affected",
                  "version": "21.4.7"
                },
                {
                  "status": "affected",
                  "version": "21.4.8"
                },
                {
                  "status": "affected",
                  "version": "21.4.9"
                },
                {
                  "status": "affected",
                  "version": "21.11.0"
                },
                {
                  "status": "affected",
                  "version": "21.5.0"
                },
                {
                  "status": "affected",
                  "version": "21.6.0"
                },
                {
                  "status": "affected",
                  "version": "21.12.0"
                },
                {
                  "status": "affected",
                  "version": "21.12.2"
                },
                {
                  "status": "affected",
                  "version": "21.12.1"
                },
                {
                  "status": "affected",
                  "version": "22.1.0"
                },
                {
                  "status": "affected",
                  "version": "22.1.1"
                },
                {
                  "status": "affected",
                  "version": "22.11.0"
                },
                {
                  "status": "affected",
                  "version": "22.3.0"
                },
                {
                  "status": "affected",
                  "version": "22.10.0"
                },
                {
                  "status": "affected",
                  "version": "22.12.0"
                },
                {
                  "status": "affected",
                  "version": "22.12.1"
                },
                {
                  "status": "affected",
                  "version": "21.7.0"
                },
                {
                  "status": "affected",
                  "version": "22.8.0"
                },
                {
                  "status": "affected",
                  "version": "23.2.0"
                },
                {
                  "status": "affected",
                  "version": "23.4.0"
                },
                {
                  "status": "affected",
                  "version": "23.7.1"
                },
                {
                  "status": "affected",
                  "version": "23.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. \r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-26",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-06T16:33:48.826Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-appd-traversal-m7N8mZpF",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF"
            }
          ],
          "source": {
            "advisory": "cisco-sa-appd-traversal-m7N8mZpF",
            "defects": [
              "CSCwh18934"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20345",
        "datePublished": "2024-03-06T16:33:48.826Z",
        "dateReserved": "2023-11-08T15:08:07.643Z",
        "dateUpdated": "2025-08-26T20:08:10.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20274 (GCVE-0-2023-20274)

    Vulnerability from nvd – Published: 2023-11-21 18:49 – Updated: 2024-08-29 20:01
    VLAI
    Summary
    A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco AppDynamics Affected: 21.2.7
    Affected: 21.2.8
    Affected: 21.4.0
    Affected: 21.4.10
    Affected: 21.4.11
    Affected: 21.4.2
    Affected: 21.4.3
    Affected: 21.4.4
    Affected: 21.4.5
    Affected: 21.4.6
    Affected: 21.4.7
    Affected: 21.4.8
    Affected: 21.4.9
    Affected: 21.5.0
    Affected: 21.6.0
    Affected: 22.1.0
    Affected: 22.1.1
    Affected: 22.11.0
    Affected: 22.3.0
    Affected: 22.10.0
    Affected: 22.12.0
    Affected: 22.12.1
    Affected: 21.7.0
    Affected: 22.8.0
    Affected: 23.2.0
    Affected: 23.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.898Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-appd-php-authpriv-gEBwTvu5",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20274",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-21T19:47:48.993316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T20:01:10.301Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco AppDynamics",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "21.2.7"
                },
                {
                  "status": "affected",
                  "version": "21.2.8"
                },
                {
                  "status": "affected",
                  "version": "21.4.0"
                },
                {
                  "status": "affected",
                  "version": "21.4.10"
                },
                {
                  "status": "affected",
                  "version": "21.4.11"
                },
                {
                  "status": "affected",
                  "version": "21.4.2"
                },
                {
                  "status": "affected",
                  "version": "21.4.3"
                },
                {
                  "status": "affected",
                  "version": "21.4.4"
                },
                {
                  "status": "affected",
                  "version": "21.4.5"
                },
                {
                  "status": "affected",
                  "version": "21.4.6"
                },
                {
                  "status": "affected",
                  "version": "21.4.7"
                },
                {
                  "status": "affected",
                  "version": "21.4.8"
                },
                {
                  "status": "affected",
                  "version": "21.4.9"
                },
                {
                  "status": "affected",
                  "version": "21.5.0"
                },
                {
                  "status": "affected",
                  "version": "21.6.0"
                },
                {
                  "status": "affected",
                  "version": "22.1.0"
                },
                {
                  "status": "affected",
                  "version": "22.1.1"
                },
                {
                  "status": "affected",
                  "version": "22.11.0"
                },
                {
                  "status": "affected",
                  "version": "22.3.0"
                },
                {
                  "status": "affected",
                  "version": "22.10.0"
                },
                {
                  "status": "affected",
                  "version": "22.12.0"
                },
                {
                  "status": "affected",
                  "version": "22.12.1"
                },
                {
                  "status": "affected",
                  "version": "21.7.0"
                },
                {
                  "status": "affected",
                  "version": "22.8.0"
                },
                {
                  "status": "affected",
                  "version": "23.2.0"
                },
                {
                  "status": "affected",
                  "version": "23.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:58:38.138Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-appd-php-authpriv-gEBwTvu5",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5"
            }
          ],
          "source": {
            "advisory": "cisco-sa-appd-php-authpriv-gEBwTvu5",
            "defects": [
              "CSCwh65119"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20274",
        "datePublished": "2023-11-21T18:49:52.044Z",
        "dateReserved": "2022-10-27T18:47:50.374Z",
        "dateUpdated": "2024-08-29T20:01:10.301Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20736 (GCVE-0-2022-20736)

    Vulnerability from nvd – Published: 2022-06-15 17:55 – Updated: 2024-11-01 19:02
    VLAI
    Title
    Cisco AppDynamics Controller Authorization Bypass Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2022-06-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.424Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220615 Cisco AppDynamics Controller Authorization Bypass Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-contrl-athzn-bp-BLypgsbu"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20736",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T18:43:56.094002Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T19:02:53.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco AppDynamics",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-939",
                  "description": "CWE-939",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-15T17:55:21.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220615 Cisco AppDynamics Controller Authorization Bypass Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-contrl-athzn-bp-BLypgsbu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-appd-contrl-athzn-bp-BLypgsbu",
            "defect": [
              [
                "CSCwa72853"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco AppDynamics Controller Authorization Bypass Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-06-15T23:00:00",
              "ID": "CVE-2022-20736",
              "STATE": "PUBLIC",
              "TITLE": "Cisco AppDynamics Controller Authorization Bypass Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco AppDynamics",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "5.3",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-939"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220615 Cisco AppDynamics Controller Authorization Bypass Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-contrl-athzn-bp-BLypgsbu"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-appd-contrl-athzn-bp-BLypgsbu",
              "defect": [
                [
                  "CSCwa72853"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20736",
        "datePublished": "2022-06-15T17:55:21.656Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-01T19:02:53.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20394 (GCVE-0-2024-20394)

    Vulnerability from cvelistv5 – Published: 2024-05-15 17:21 – Updated: 2024-08-09 18:33
    VLAI
    Summary
    A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.833Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-appd-netvisdos-9zNbsJtK",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-netvisdos-9zNbsJtK"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20394",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T18:33:17.627981Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-09T18:33:27.091Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco AppDynamics",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could exploit this vulnerability by sending an HTTP request to the targeted service. A successful exploit could allow the attacker to cause a DoS condition by stopping the Network Agent Service on the local device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-15T17:21:46.986Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-appd-netvisdos-9zNbsJtK",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-netvisdos-9zNbsJtK"
            }
          ],
          "source": {
            "advisory": "cisco-sa-appd-netvisdos-9zNbsJtK",
            "defects": [
              "CSCwh65251"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20394",
        "datePublished": "2024-05-15T17:21:46.986Z",
        "dateReserved": "2023-11-08T15:08:07.659Z",
        "dateUpdated": "2024-08-09T18:33:27.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20345 (GCVE-0-2024-20345)

    Vulnerability from cvelistv5 – Published: 2024-03-06 16:33 – Updated: 2025-08-26 20:08
    VLAI
    Summary
    A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco AppDynamics Affected: 21.2.0
    Affected: 21.2.1
    Affected: 21.2.2
    Affected: 21.2.3
    Affected: 21.2.6
    Affected: 21.2.7
    Affected: 21.2.8
    Affected: 21.4.0
    Affected: 21.4.10
    Affected: 21.4.11
    Affected: 21.4.2
    Affected: 21.4.3
    Affected: 21.4.4
    Affected: 21.4.5
    Affected: 21.4.6
    Affected: 21.4.7
    Affected: 21.4.8
    Affected: 21.4.9
    Affected: 21.11.0
    Affected: 21.5.0
    Affected: 21.6.0
    Affected: 21.12.0
    Affected: 21.12.2
    Affected: 21.12.1
    Affected: 22.1.0
    Affected: 22.1.1
    Affected: 22.11.0
    Affected: 22.3.0
    Affected: 22.10.0
    Affected: 22.12.0
    Affected: 22.12.1
    Affected: 21.7.0
    Affected: 22.8.0
    Affected: 23.2.0
    Affected: 23.4.0
    Affected: 23.7.1
    Affected: 23.7.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20345",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-07T16:48:25.947850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-26T20:08:10.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:41.830Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-appd-traversal-m7N8mZpF",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco AppDynamics",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "21.2.0"
                },
                {
                  "status": "affected",
                  "version": "21.2.1"
                },
                {
                  "status": "affected",
                  "version": "21.2.2"
                },
                {
                  "status": "affected",
                  "version": "21.2.3"
                },
                {
                  "status": "affected",
                  "version": "21.2.6"
                },
                {
                  "status": "affected",
                  "version": "21.2.7"
                },
                {
                  "status": "affected",
                  "version": "21.2.8"
                },
                {
                  "status": "affected",
                  "version": "21.4.0"
                },
                {
                  "status": "affected",
                  "version": "21.4.10"
                },
                {
                  "status": "affected",
                  "version": "21.4.11"
                },
                {
                  "status": "affected",
                  "version": "21.4.2"
                },
                {
                  "status": "affected",
                  "version": "21.4.3"
                },
                {
                  "status": "affected",
                  "version": "21.4.4"
                },
                {
                  "status": "affected",
                  "version": "21.4.5"
                },
                {
                  "status": "affected",
                  "version": "21.4.6"
                },
                {
                  "status": "affected",
                  "version": "21.4.7"
                },
                {
                  "status": "affected",
                  "version": "21.4.8"
                },
                {
                  "status": "affected",
                  "version": "21.4.9"
                },
                {
                  "status": "affected",
                  "version": "21.11.0"
                },
                {
                  "status": "affected",
                  "version": "21.5.0"
                },
                {
                  "status": "affected",
                  "version": "21.6.0"
                },
                {
                  "status": "affected",
                  "version": "21.12.0"
                },
                {
                  "status": "affected",
                  "version": "21.12.2"
                },
                {
                  "status": "affected",
                  "version": "21.12.1"
                },
                {
                  "status": "affected",
                  "version": "22.1.0"
                },
                {
                  "status": "affected",
                  "version": "22.1.1"
                },
                {
                  "status": "affected",
                  "version": "22.11.0"
                },
                {
                  "status": "affected",
                  "version": "22.3.0"
                },
                {
                  "status": "affected",
                  "version": "22.10.0"
                },
                {
                  "status": "affected",
                  "version": "22.12.0"
                },
                {
                  "status": "affected",
                  "version": "22.12.1"
                },
                {
                  "status": "affected",
                  "version": "21.7.0"
                },
                {
                  "status": "affected",
                  "version": "22.8.0"
                },
                {
                  "status": "affected",
                  "version": "23.2.0"
                },
                {
                  "status": "affected",
                  "version": "23.4.0"
                },
                {
                  "status": "affected",
                  "version": "23.7.1"
                },
                {
                  "status": "affected",
                  "version": "23.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. \r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-26",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-06T16:33:48.826Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-appd-traversal-m7N8mZpF",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF"
            }
          ],
          "source": {
            "advisory": "cisco-sa-appd-traversal-m7N8mZpF",
            "defects": [
              "CSCwh18934"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20345",
        "datePublished": "2024-03-06T16:33:48.826Z",
        "dateReserved": "2023-11-08T15:08:07.643Z",
        "dateUpdated": "2025-08-26T20:08:10.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20346 (GCVE-0-2024-20346)

    Vulnerability from cvelistv5 – Published: 2024-03-06 16:33 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco AppDynamics Affected: 21.2.0
    Affected: 21.2.1
    Affected: 21.2.2
    Affected: 21.2.3
    Affected: 21.2.6
    Affected: 21.2.7
    Affected: 21.2.8
    Affected: 21.4.0
    Affected: 21.4.10
    Affected: 21.4.11
    Affected: 21.4.2
    Affected: 21.4.3
    Affected: 21.4.4
    Affected: 21.4.5
    Affected: 21.4.6
    Affected: 21.4.7
    Affected: 21.4.8
    Affected: 21.4.9
    Affected: 21.11.0
    Affected: 21.5.0
    Affected: 21.6.0
    Affected: 21.12.0
    Affected: 21.12.2
    Affected: 21.12.1
    Affected: 22.1.0
    Affected: 22.1.1
    Affected: 22.11.0
    Affected: 22.3.0
    Affected: 22.10.0
    Affected: 22.12.0
    Affected: 22.12.1
    Affected: 21.7.0
    Affected: 22.8.0
    Affected: 23.2.0
    Affected: 23.4.0
    Affected: 23.7.1
    Affected: 23.7.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20346",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-07T20:08:10.898145Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:21.029Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:41.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-appd-xss-3JwqSMNT",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-xss-3JwqSMNT"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco AppDynamics",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "21.2.0"
                },
                {
                  "status": "affected",
                  "version": "21.2.1"
                },
                {
                  "status": "affected",
                  "version": "21.2.2"
                },
                {
                  "status": "affected",
                  "version": "21.2.3"
                },
                {
                  "status": "affected",
                  "version": "21.2.6"
                },
                {
                  "status": "affected",
                  "version": "21.2.7"
                },
                {
                  "status": "affected",
                  "version": "21.2.8"
                },
                {
                  "status": "affected",
                  "version": "21.4.0"
                },
                {
                  "status": "affected",
                  "version": "21.4.10"
                },
                {
                  "status": "affected",
                  "version": "21.4.11"
                },
                {
                  "status": "affected",
                  "version": "21.4.2"
                },
                {
                  "status": "affected",
                  "version": "21.4.3"
                },
                {
                  "status": "affected",
                  "version": "21.4.4"
                },
                {
                  "status": "affected",
                  "version": "21.4.5"
                },
                {
                  "status": "affected",
                  "version": "21.4.6"
                },
                {
                  "status": "affected",
                  "version": "21.4.7"
                },
                {
                  "status": "affected",
                  "version": "21.4.8"
                },
                {
                  "status": "affected",
                  "version": "21.4.9"
                },
                {
                  "status": "affected",
                  "version": "21.11.0"
                },
                {
                  "status": "affected",
                  "version": "21.5.0"
                },
                {
                  "status": "affected",
                  "version": "21.6.0"
                },
                {
                  "status": "affected",
                  "version": "21.12.0"
                },
                {
                  "status": "affected",
                  "version": "21.12.2"
                },
                {
                  "status": "affected",
                  "version": "21.12.1"
                },
                {
                  "status": "affected",
                  "version": "22.1.0"
                },
                {
                  "status": "affected",
                  "version": "22.1.1"
                },
                {
                  "status": "affected",
                  "version": "22.11.0"
                },
                {
                  "status": "affected",
                  "version": "22.3.0"
                },
                {
                  "status": "affected",
                  "version": "22.10.0"
                },
                {
                  "status": "affected",
                  "version": "22.12.0"
                },
                {
                  "status": "affected",
                  "version": "22.12.1"
                },
                {
                  "status": "affected",
                  "version": "21.7.0"
                },
                {
                  "status": "affected",
                  "version": "22.8.0"
                },
                {
                  "status": "affected",
                  "version": "23.2.0"
                },
                {
                  "status": "affected",
                  "version": "23.4.0"
                },
                {
                  "status": "affected",
                  "version": "23.7.1"
                },
                {
                  "status": "affected",
                  "version": "23.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-06T16:33:26.815Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-appd-xss-3JwqSMNT",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-xss-3JwqSMNT"
            }
          ],
          "source": {
            "advisory": "cisco-sa-appd-xss-3JwqSMNT",
            "defects": [
              "CSCwh29203"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20346",
        "datePublished": "2024-03-06T16:33:26.815Z",
        "dateReserved": "2023-11-08T15:08:07.643Z",
        "dateUpdated": "2024-08-01T21:59:41.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20274 (GCVE-0-2023-20274)

    Vulnerability from cvelistv5 – Published: 2023-11-21 18:49 – Updated: 2024-08-29 20:01
    VLAI
    Summary
    A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco AppDynamics Affected: 21.2.7
    Affected: 21.2.8
    Affected: 21.4.0
    Affected: 21.4.10
    Affected: 21.4.11
    Affected: 21.4.2
    Affected: 21.4.3
    Affected: 21.4.4
    Affected: 21.4.5
    Affected: 21.4.6
    Affected: 21.4.7
    Affected: 21.4.8
    Affected: 21.4.9
    Affected: 21.5.0
    Affected: 21.6.0
    Affected: 22.1.0
    Affected: 22.1.1
    Affected: 22.11.0
    Affected: 22.3.0
    Affected: 22.10.0
    Affected: 22.12.0
    Affected: 22.12.1
    Affected: 21.7.0
    Affected: 22.8.0
    Affected: 23.2.0
    Affected: 23.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.898Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-appd-php-authpriv-gEBwTvu5",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20274",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-11-21T19:47:48.993316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T20:01:10.301Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco AppDynamics",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "21.2.7"
                },
                {
                  "status": "affected",
                  "version": "21.2.8"
                },
                {
                  "status": "affected",
                  "version": "21.4.0"
                },
                {
                  "status": "affected",
                  "version": "21.4.10"
                },
                {
                  "status": "affected",
                  "version": "21.4.11"
                },
                {
                  "status": "affected",
                  "version": "21.4.2"
                },
                {
                  "status": "affected",
                  "version": "21.4.3"
                },
                {
                  "status": "affected",
                  "version": "21.4.4"
                },
                {
                  "status": "affected",
                  "version": "21.4.5"
                },
                {
                  "status": "affected",
                  "version": "21.4.6"
                },
                {
                  "status": "affected",
                  "version": "21.4.7"
                },
                {
                  "status": "affected",
                  "version": "21.4.8"
                },
                {
                  "status": "affected",
                  "version": "21.4.9"
                },
                {
                  "status": "affected",
                  "version": "21.5.0"
                },
                {
                  "status": "affected",
                  "version": "21.6.0"
                },
                {
                  "status": "affected",
                  "version": "22.1.0"
                },
                {
                  "status": "affected",
                  "version": "22.1.1"
                },
                {
                  "status": "affected",
                  "version": "22.11.0"
                },
                {
                  "status": "affected",
                  "version": "22.3.0"
                },
                {
                  "status": "affected",
                  "version": "22.10.0"
                },
                {
                  "status": "affected",
                  "version": "22.12.0"
                },
                {
                  "status": "affected",
                  "version": "22.12.1"
                },
                {
                  "status": "affected",
                  "version": "21.7.0"
                },
                {
                  "status": "affected",
                  "version": "22.8.0"
                },
                {
                  "status": "affected",
                  "version": "23.2.0"
                },
                {
                  "status": "affected",
                  "version": "23.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "Improper Privilege Management",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:58:38.138Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-appd-php-authpriv-gEBwTvu5",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5"
            }
          ],
          "source": {
            "advisory": "cisco-sa-appd-php-authpriv-gEBwTvu5",
            "defects": [
              "CSCwh65119"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20274",
        "datePublished": "2023-11-21T18:49:52.044Z",
        "dateReserved": "2022-10-27T18:47:50.374Z",
        "dateUpdated": "2024-08-29T20:01:10.301Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20736 (GCVE-0-2022-20736)

    Vulnerability from cvelistv5 – Published: 2022-06-15 17:55 – Updated: 2024-11-01 19:02
    VLAI
    Title
    Cisco AppDynamics Controller Authorization Bypass Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2022-06-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.424Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220615 Cisco AppDynamics Controller Authorization Bypass Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-contrl-athzn-bp-BLypgsbu"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20736",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-01T18:43:56.094002Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-01T19:02:53.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco AppDynamics",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-939",
                  "description": "CWE-939",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-15T17:55:21.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220615 Cisco AppDynamics Controller Authorization Bypass Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-contrl-athzn-bp-BLypgsbu"
            }
          ],
          "source": {
            "advisory": "cisco-sa-appd-contrl-athzn-bp-BLypgsbu",
            "defect": [
              [
                "CSCwa72853"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco AppDynamics Controller Authorization Bypass Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-06-15T23:00:00",
              "ID": "CVE-2022-20736",
              "STATE": "PUBLIC",
              "TITLE": "Cisco AppDynamics Controller Authorization Bypass Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco AppDynamics",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "5.3",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-939"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220615 Cisco AppDynamics Controller Authorization Bypass Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-contrl-athzn-bp-BLypgsbu"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-appd-contrl-athzn-bp-BLypgsbu",
              "defect": [
                [
                  "CSCwa72853"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20736",
        "datePublished": "2022-06-15T17:55:21.656Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-01T19:02:53.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }