Search

Find a vulnerability

Search criteria

    28 vulnerabilities found for enterprise_chat_and_email by cisco

    CVE-2025-20310 (GCVE-0-2025-20310)

    Vulnerability from nvd – Published: 2025-07-02 16:05 – Updated: 2025-07-02 17:32
    VLAI
    Title
    Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 12.0(1)_ES6
    Affected: 11.6(1)_ES8
    Affected: 12.0(1)_ES5a
    Affected: 11.6(1)_ES9
    Affected: 12.0(1)_ES6_ET1
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES5
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.0(1)_ES3
    Affected: 11.6(1)_ES11
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES10
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)
    Affected: 12.5(1)_ES3
    Affected: 12.6(1)
    Affected: 11.5(1)
    Affected: 12.0(1)_ES2
    Affected: 11.6(1)_ES7
    Affected: 12.5(1)_ES2
    Affected: 12.6(1)_ET1
    Affected: 11.6(1)
    Affected: 12.5(1)_ES1
    Affected: 11.5(1)_ES1_ET1
    Affected: 11.6(1)_ES6_ET1
    Affected: 11.6(1)_ES1
    Affected: 11.6(1)_ES8_ET1
    Affected: 11.5(1)_ES1
    Affected: 12.6(1)_ET2
    Affected: 12.5(1)_ES3_ET2
    Affected: 12.0(1)_ES6_ET2
    Affected: 12.6(1)_ES1
    Affected: 12.5(1)_ES4
    Affected: 11.6(1)_ES12
    Affected: 12.6(1)_ET3
    Affected: 12.5(1)_ES4_ET1
    Affected: 12.0(1)_ES6_ET3
    Affected: 12.6(1)_ES1_ET1
    Affected: 12.6(1)_ES2
    Affected: 12.6_ES2_ET1
    Affected: 12.5(1)_ES5
    Affected: 12.6_ES2_ET2
    Affected: 12.0(1)_ES7
    Affected: 12.6_ES2_ET3
    Affected: 12.0(1)_ES7_ET1
    Affected: 12.5(1)_ES5_ET1
    Affected: 12.6_ES2_ET4
    Affected: 12.6(1)_ES3
    Affected: 11.6(1)_ES12_ET1
    Affected: 12.6_ES3_ET1
    Affected: 12.5(1)_ES6
    Affected: 12.6_ES3_ET2
    Affected: 12.6(1)_ES4
    Affected: 12.5(1)_ES7
    Affected: 12.6(1)_ES4_ET1
    Affected: 12.6(1)_ES5
    Affected: 12.6(1)_ES5_ET1
    Affected: 12.6(1)_ES5_ET2
    Affected: 12.6(1)_ES6
    Affected: 12.6(1)_ES6_ET1
    Affected: 12.5(1)_ES8
    Affected: 12.6(1)_ES6_ET2
    Affected: 12.6(1)_ES7
    Affected: 12.6(1)_ES8
    Affected: 12.6(1)_ES4_ET2
    Affected: 12.6(1)_ES3_ET3
    Affected: 12.6(1)_ES2_ET5
    Affected: 12.6(1)_ES1_ET2
    Affected: 12.6(1)_ES8_ET1
    Affected: 12.6(1)_ES7_ET1
    Affected: 12.6(1)_ES6_ET3
    Affected: 12.6(1)_ES5_ET3
    Affected: 12.5(1)_ES8_ET1
    Affected: 12.5(1)_ES3_ET3
    Affected: 12.5(1)_ES5_ET2
    Affected: 12.5(1)_ES6_ET1
    Affected: 12.5(1)_ES4_ET2
    Affected: 12.5(1)_ES7_ET1
    Affected: 12.6(1)_ES8_ET2
    Affected: 12.6(1)_ES9
    Affected: 12.6(1)_ES9_ET1
    Affected: 12.5(1)_ES9
    Affected: 12.6(1)_ES9_ET2
    Affected: 12.6(1)_ES9_ET3
    Affected: 12.6(1)_ES10
    Affected: 12.6(1)_ES10_ET1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-02T17:28:39.761037Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-02T17:32:09.591Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES1_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET4"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES12_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES3_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES3_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES2_ET5"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES8_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES10_ET1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid\u0026nbsp;agent\u0026nbsp;credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-02T16:39:49.265Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ece-xss-CbtKtEYc",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-xss-CbtKtEYc",
            "defects": [
              "CSCwo21879"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20310",
        "datePublished": "2025-07-02T16:05:43.738Z",
        "dateReserved": "2024-10-10T19:15:13.253Z",
        "dateUpdated": "2025-07-02T17:32:09.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20139 (GCVE-0-2025-20139)

    Vulnerability from nvd – Published: 2025-04-02 16:16 – Updated: 2025-04-02 16:33
    VLAI
    Summary
    A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit this vulnerability by sending malicious requests to a messaging chat entry point in the affected application. A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-185 - Incorrect Regular Expression
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 11.6(1)_ES5
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES10
    Affected: 11.6(1)_ES11
    Affected: 11.6(1)_ES7
    Affected: 11.6(1)_ES8
    Affected: 11.6(1)_ES9
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES12
    Affected: 11.6(1)_ES12_ET1
    Affected: 12.0(1)
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)_ES2
    Affected: 12.0(1)_ES3
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 12.0(1)_ES5a
    Affected: 12.0(1)_ES6
    Affected: 12.0(1)_ES6_ET1
    Affected: 12.0(1)_ES6_ET2
    Affected: 12.0(1)_ES6_ET3
    Affected: 12.0(1)_ES7
    Affected: 12.0(1)_ES7_ET1
    Affected: 12.5(1)
    Affected: 12.5(1)_ES1
    Affected: 12.5(1)_ES2
    Affected: 12.5(1)_ES3
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)_ES4
    Affected: 12.5(1)_ES3_ET2
    Affected: 12.5(1)_ES4_ET1
    Affected: 12.5(1)_ES5
    Affected: 12.5(1)_ES5_ET1
    Affected: 12.5(1)_ES6
    Affected: 12.5(1)_ES7
    Affected: 12.5(1)_ES8
    Affected: 12.5(1)_ES8_ET1
    Affected: 12.5(1)_ES3_ET3
    Affected: 12.5(1)_ES5_ET2
    Affected: 12.5(1)_ES6_ET1
    Affected: 12.5(1)_ES4_ET2
    Affected: 12.5(1)_ES7_ET1
    Affected: 12.5(1)_ES9
    Affected: 12.6(1)
    Affected: 12.6(1)_ET1
    Affected: 12.6(1)_ET2
    Affected: 12.6(1)_ES1
    Affected: 12.6(1)_ET3
    Affected: 12.6(1)_ES1_ET1
    Affected: 12.6(1)_ES2
    Affected: 12.6(1)_ES3
    Affected: 12.6(1)_ES4
    Affected: 12.6(1)_ES4_ET1
    Affected: 12.6(1)_ES5
    Affected: 12.6(1)_ES5_ET1
    Affected: 12.6(1)_ES5_ET2
    Affected: 12.6(1)_ES6
    Affected: 12.6(1)_ES6_ET1
    Affected: 12.6(1)_ES6_ET2
    Affected: 12.6(1)_ES7
    Affected: 12.6(1)_ES8
    Affected: 12.6(1)_ES4_ET2
    Affected: 12.6(1)_ES3_ET3
    Affected: 12.6(1)_ES2_ET5
    Affected: 12.6(1)_ES1_ET2
    Affected: 12.6(1)_ES8_ET1
    Affected: 12.6(1)_ES7_ET1
    Affected: 12.6(1)_ES6_ET3
    Affected: 12.6(1)_ES5_ET3
    Affected: 12.6(1)_ES8_ET2
    Affected: 12.6(1)_ES9
    Affected: 12.6(1)_ES9_ET1
    Affected: 12.6(1)_ES9_ET2
    Affected: 12.6(1)_ES9_ET3
    Affected: 12.6_ES2_ET1
    Affected: 12.6_ES2_ET2
    Affected: 12.6_ES2_ET3
    Affected: 12.6_ES2_ET4
    Affected: 12.6_ES3_ET1
    Affected: 12.6_ES3_ET2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T16:33:38.164036Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-02T16:33:45.699Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES12_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5a"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES8_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES3_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES2_ET5"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET4"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES3_ET2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit this vulnerability by sending malicious requests to a messaging chat entry point in the affected application. A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-185",
                  "description": "Incorrect Regular Expression",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-02T16:16:17.546Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ece-dos-tC6m9GZ8",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-tC6m9GZ8"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-dos-tC6m9GZ8",
            "defects": [
              "CSCwm08282"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20139",
        "datePublished": "2025-04-02T16:16:17.546Z",
        "dateReserved": "2024-10-10T19:15:13.213Z",
        "dateUpdated": "2025-04-02T16:33:45.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20633 (GCVE-0-2022-20633)

    Vulnerability from nvd – Published: 2024-11-15 16:15 – Updated: 2024-11-15 21:35
    VLAI
    Title
    Cisco Enterprise Chat and Email Username Enumeration Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. This vulnerability is due to differences in authentication responses that are sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to an affected device. A successful exploit could allow the attacker to confirm existing user accounts, which could be used in further attacks. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable Response Discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 12.0(1)_ES6
    Affected: 11.6(1)_ES8
    Affected: 12.0(1)_ES5a
    Affected: 11.6(1)_ES9
    Affected: 12.0(1)_ES6_ET1
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES5
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.0(1)_ES3
    Affected: 11.6(1)_ES11
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES10
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)
    Affected: 12.5(1)_ES3
    Affected: 12.6(1)
    Affected: 11.5(1)
    Affected: 12.0(1)_ES2
    Affected: 11.6(1)_ES7
    Affected: 12.5(1)_ES2
    Affected: 12.6(1)_ET1
    Affected: 11.6(1)
    Affected: 12.5(1)_ES1
    Create a notification for this product.
    cisco enterprise_chat_and_email Affected: 0 , < 12.6(1)_ES1 (custom)
        cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_chat_and_email",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "12.6(1)_ES1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20633",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T18:00:16.076880Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T21:35:35.232Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device.\r\n\r\nThis vulnerability is due to differences in authentication responses that are sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to an affected device. A successful exploit could allow the attacker to confirm existing user accounts, which could be used in further attacks.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "Observable Response Discrepancy",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T16:15:01.284Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ece-multivulns-kbK2yVhR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-multivulns-kbK2yVhR",
            "defects": [
              "CSCvz20450"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Username Enumeration Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20633",
        "datePublished": "2024-11-15T16:15:01.284Z",
        "dateReserved": "2021-11-02T13:28:29.030Z",
        "dateUpdated": "2024-11-15T21:35:35.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20632 (GCVE-0-2022-20632)

    Vulnerability from nvd – Published: 2024-11-15 16:14 – Updated: 2024-11-15 18:00
    VLAI
    Title
    Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco&nbsp;ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 12.0(1)_ES6
    Affected: 11.6(1)_ES8
    Affected: 12.0(1)_ES5a
    Affected: 11.6(1)_ES9
    Affected: 12.0(1)_ES6_ET1
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES5
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.0(1)_ES3
    Affected: 11.6(1)_ES11
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES10
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)
    Affected: 12.5(1)_ES3
    Affected: 12.6(1)
    Affected: 11.5(1)
    Affected: 12.0(1)_ES2
    Affected: 11.6(1)_ES7
    Affected: 12.5(1)_ES2
    Affected: 12.6(1)_ET1
    Affected: 11.6(1)
    Affected: 12.5(1)_ES1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20632",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T18:00:39.476767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T18:00:56.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.\r\nThe vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T16:14:53.322Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ece-multivulns-kbK2yVhR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-multivulns-kbK2yVhR",
            "defects": [
              "CSCvz20436"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20632",
        "datePublished": "2024-11-15T16:14:53.322Z",
        "dateReserved": "2021-11-02T13:28:29.030Z",
        "dateUpdated": "2024-11-15T18:00:56.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20634 (GCVE-0-2022-20634)

    Vulnerability from nvd – Published: 2024-11-15 16:02 – Updated: 2024-11-15 16:28
    VLAI
    Title
    Cisco Enterprise Chat and Email Open Redirect Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco&nbsp;ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect and is used in phishing attacks that get users to unknowingly visit malicious sites.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 12.0(1)_ES6
    Affected: 11.6(1)_ES8
    Affected: 12.0(1)_ES5a
    Affected: 11.6(1)_ES9
    Affected: 12.0(1)_ES6_ET1
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES5
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.0(1)_ES3
    Affected: 11.6(1)_ES11
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES10
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)
    Affected: 12.5(1)_ES3
    Affected: 12.6(1)
    Affected: 11.5(1)
    Affected: 12.0(1)_ES2
    Affected: 11.6(1)_ES7
    Affected: 12.5(1)_ES2
    Affected: 12.6(1)_ET1
    Affected: 11.6(1)
    Affected: 12.5(1)_ES1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20634",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T16:27:50.770905Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T16:28:24.431Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page.\r\nThis vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect and is used in phishing attacks that get users to unknowingly visit malicious sites.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T16:02:16.937Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ece-multivulns-kbK2yVhR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-multivulns-kbK2yVhR",
            "defects": [
              "CSCvz50629"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Open Redirect Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20634",
        "datePublished": "2024-11-15T16:02:16.937Z",
        "dateReserved": "2021-11-02T13:28:29.030Z",
        "dateUpdated": "2024-11-15T16:28:24.431Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20631 (GCVE-0-2022-20631)

    Vulnerability from nvd – Published: 2024-11-15 16:03 – Updated: 2024-11-15 16:25
    VLAI
    Title
    Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco&nbsp;ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious script code in a chat window. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 12.0(1)_ES6
    Affected: 11.6(1)_ES8
    Affected: 12.0(1)_ES5a
    Affected: 11.6(1)_ES9
    Affected: 12.0(1)_ES6_ET1
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES5
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.0(1)_ES3
    Affected: 11.6(1)_ES11
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES10
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)
    Affected: 12.5(1)_ES3
    Affected: 12.6(1)
    Affected: 11.5(1)
    Affected: 12.0(1)_ES2
    Affected: 11.6(1)_ES7
    Affected: 12.5(1)_ES2
    Affected: 12.6(1)_ET1
    Affected: 11.6(1)
    Affected: 12.5(1)_ES1
    Affected: 11.5(1)_ES1_ET1
    Affected: 11.6(1)_ES1
    Affected: 11.6(1)_ES8_ET1
    Affected: 11.5(1)_ES1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20631",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T16:25:48.751392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T16:25:56.777Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES1_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.\r\nThe vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious script code in a chat window. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T16:03:36.564Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ece-multivulns-kbK2yVhR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-multivulns-kbK2yVhR",
            "defects": [
              "CSCvz20427"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20631",
        "datePublished": "2024-11-15T16:03:36.564Z",
        "dateReserved": "2021-11-02T13:28:29.029Z",
        "dateUpdated": "2024-11-15T16:25:56.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20484 (GCVE-0-2024-20484)

    Vulnerability from nvd – Published: 2024-11-06 16:29 – Updated: 2024-11-06 17:20
    VLAI
    Title
    Cisco Enterprise Chat and Email Denial of Service Vulnerability
    Summary
    A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources &gt; Services &gt; Unified CCE &gt; EAAS, then click Start.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 12.0(1)_ES6
    Affected: 11.6(1)_ES9
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES5
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.0(1)_ES3
    Affected: 11.6(1)_ES11
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES10
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)
    Affected: 12.5(1)_ES3
    Affected: 12.6(1)
    Affected: 11.5(1)
    Affected: 12.0(1)_ES2
    Affected: 11.6(1)_ES7
    Affected: 12.6(1)_ET1
    Affected: 11.6(1)
    Affected: 12.6(1)_ET2
    Affected: 12.5(1)_ES3_ET2
    Affected: 12.0(1)_ES6_ET2
    Affected: 12.6(1)_ES1
    Affected: 11.6(1)_ES12
    Affected: 12.6(1)_ET3
    Affected: 12.5(1)_ES4_ET1
    Affected: 12.0(1)_ES6_ET3
    Affected: 12.6(1)_ES1_ET1
    Affected: 12.6(1)_ES2
    Affected: 12.6_ES2_ET1
    Affected: 12.5(1)_ES5
    Affected: 12.6_ES2_ET2
    Affected: 12.0(1)_ES7
    Affected: 12.6_ES2_ET3
    Affected: 12.0(1)_ES7_ET1
    Affected: 12.5(1)_ES5_ET1
    Affected: 12.6_ES2_ET4
    Affected: 12.6(1)_ES3
    Affected: 11.6(1)_ES12_ET1
    Affected: 12.6_ES3_ET1
    Affected: 12.6_ES3_ET2
    Affected: 12.6(1)_ES4
    Affected: 12.5(1)_ES7
    Affected: 12.6(1)_ES4_ET1
    Affected: 12.6(1)_ES5
    Affected: 12.6(1)_ES5_ET1
    Affected: 12.6(1)_ES5_ET2
    Affected: 12.6(1)_ES6
    Affected: 12.6(1)_ES6_ET1
    Affected: 12.5(1)_ES8
    Affected: 12.6(1)_ES6_ET2
    Affected: 12.6(1)_ES7
    Affected: 12.6(1)_ES8
    Affected: 12.6(1)_ES4_ET2
    Affected: 12.6(1)_ES3_ET3
    Affected: 12.6(1)_ES2_ET5
    Affected: 12.6(1)_ES1_ET2
    Affected: 12.6(1)_ES8_ET1
    Affected: 12.6(1)_ES7_ET1
    Affected: 12.6(1)_ES6_ET3
    Affected: 12.6(1)_ES5_ET3
    Affected: 12.5(1)_ES8_ET1
    Affected: 12.5(1)_ES3_ET3
    Affected: 12.5(1)_ES5_ET2
    Affected: 12.5(1)_ES6_ET1
    Affected: 12.5(1)_ES4_ET2
    Affected: 12.5(1)_ES7_ET1
    Affected: 12.6(1)_ES8_ET2
    Affected: 12.6(1)_ES9
    Affected: 12.6(1)_ES9_ET1
    Create a notification for this product.
    cisco enterprise_chat_and_email Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 12.0(1)_ES6
    Affected: 11.6(1)_ES9
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES5
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.0(1)_ES3
    Affected: 11.6(1)_ES11
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES10
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)
    Affected: 12.5(1)_ES3
    Affected: 12.6(1)
    Affected: 11.5(1)
    Affected: 12.0(1)_ES2
    Affected: 11.6(1)_ES7
    Affected: 12.6(1)_ET1
    Affected: 11.6(1)
    Affected: 12.6(1)_ET2
    Affected: 12.5(1)_ES3_ET2
    Affected: 12.0(1)_ES6_ET2
    Affected: 12.6(1)_ES1
    Affected: 11.6(1)_ES12
    Affected: 12.6(1)_ET3
    Affected: 12.5(1)_ES4_ET1
    Affected: 12.0(1)_ES6_ET3
    Affected: 12.6(1)_ES1_ET1
    Affected: 12.6(1)_ES2
    Affected: 12.6_ES2_ET1
    Affected: 12.5(1)_ES5
    Affected: 12.6_ES2_ET2
    Affected: 12.0(1)_ES7
    Affected: 12.6_ES2_ET3
    Affected: 12.0(1)_ES7_ET1
    Affected: 12.5(1)_ES5_ET1
    Affected: 12.6_ES2_ET4
    Affected: 12.6(1)_ES3
    Affected: 11.6(1)_ES12_ET1
    Affected: 12.6_ES3_ET1
    Affected: 12.6_ES3_ET2
    Affected: 12.6(1)_ES4
    Affected: 12.5(1)_ES7
    Affected: 12.6(1)_ES4_ET1
    Affected: 12.6(1)_ES5
    Affected: 12.6(1)_ES5_ET1
    Affected: 12.6(1)_ES5_ET2
    Affected: 12.6(1)_ES6
    Affected: 12.6(1)_ES6_ET1
    Affected: 12.5(1)_ES8
    Affected: 12.6(1)_ES6_ET2
    Affected: 12.6(1)_ES7
    Affected: 12.6(1)_ES8
    Affected: 12.6(1)_ES4_ET2
    Affected: 12.6(1)_ES3_ET3
    Affected: 12.6(1)_ES2_ET5
    Affected: 12.6(1)_ES1_ET2
    Affected: 12.6(1)_ES8_ET1
    Affected: 12.6(1)_ES7_ET1
    Affected: 12.6(1)_ES6_ET3
    Affected: 12.6(1)_ES5_ET3
    Affected: 12.5(1)_ES8_ET1
    Affected: 12.5(1)_ES3_ET3
    Affected: 12.5(1)_ES5_ET2
    Affected: 12.5(1)_ES6_ET1
    Affected: 12.5(1)_ES4_ET2
    Affected: 12.5(1)_ES7_ET1
    Affected: 12.6(1)_ES8_ET2
    Affected: 12.6(1)_ES9
    Affected: 12.6(1)_ES9_ET1
        cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_chat_and_email",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES3"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES4"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES6"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES9"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES6"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES5"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES3_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES3"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES11"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES4"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES5"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES2"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES9a"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES10"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES1"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES3"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)"
                  },
                  {
                    "status": "affected",
                    "version": "11.5(1)"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES2"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES7"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES3_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES6_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES1"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES12"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ET3"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES4_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES6_ET3"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES1_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6_ES2_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES5"
                  },
                  {
                    "status": "affected",
                    "version": "12.6_ES2_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES7"
                  },
                  {
                    "status": "affected",
                    "version": "12.6_ES2_ET3"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES7_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES5_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6_ES2_ET4"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES3"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES12_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6_ES3_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6_ES3_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES4"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES7"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES4_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES5"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES5_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES5_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES6"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES6_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES8"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES6_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES7"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES8"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES4_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES3_ET3"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES2_ET5"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES1_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES8_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES7_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES6_ET3"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES5_ET3"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES8_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES3_ET3"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES5_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES6_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES4_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES7_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES8_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES9"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES9_ET1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20484",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T17:20:15.324243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T17:20:30.979Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET4"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES12_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES3_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES3_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES2_ET5"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES8_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9_ET1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources \u0026gt; Services \u0026gt; Unified CCE \u0026gt; EAAS, then click Start."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-06T16:29:20.865Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ece-dos-Oqb9uFEv",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-dos-Oqb9uFEv",
            "defects": [
              "CSCwj26667"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20484",
        "datePublished": "2024-11-06T16:29:20.865Z",
        "dateReserved": "2023-11-08T15:08:07.684Z",
        "dateUpdated": "2024-11-06T17:20:30.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20367 (GCVE-0-2024-20367)

    Vulnerability from nvd – Published: 2024-04-03 16:22 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 11.6(1)_ES5
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES10
    Affected: 11.6(1)_ES11
    Affected: 11.6(1)_ES7
    Affected: 11.6(1)_ES8
    Affected: 11.6(1)_ES9
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES12
    Affected: 12.0(1)
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)_ES2
    Affected: 12.0(1)_ES3
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 12.0(1)_ES5a
    Affected: 12.0(1)_ES6
    Affected: 12.0(1)_ES6_ET1
    Affected: 12.0(1)_ES6_ET2
    Affected: 12.0(1)_ES6_ET3
    Affected: 12.0(1)_ES7
    Affected: 12.0(1)_ES7_ET1
    Affected: 12.5(1)
    Affected: 12.5(1)_ES1
    Affected: 12.5(1)_ES2
    Affected: 12.5(1)_ES3
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)_ES4
    Affected: 12.5(1)_ES3_ET2
    Affected: 12.5(1)_ES4_ET1
    Affected: 12.5(1)_ES5
    Affected: 12.5(1)_ES5_ET1
    Affected: 12.5(1)_ES6
    Affected: 12.5(1)_ES7
    Affected: 12.5(1)_ES8
    Affected: 12.6(1)
    Affected: 12.6(1)_ET1
    Affected: 12.6(1)_ET2
    Affected: 12.6(1)_ES1
    Affected: 12.6(1)_ET3
    Affected: 12.6(1)_ES1_ET1
    Affected: 12.6(1)_ES2
    Affected: 12.6(1)_ES3
    Affected: 12.6(1)_ES4
    Affected: 12.6(1)_ES4_ET1
    Affected: 12.6(1)_ES5
    Affected: 12.6(1)_ES5_ET1
    Affected: 12.6(1)_ES5_ET2
    Affected: 12.6(1)_ES6
    Affected: 12.6(1)_ES6_ET1
    Affected: 12.6(1)_ES6_ET2
    Affected: 12.6_ES2_ET1
    Affected: 12.6_ES2_ET2
    Affected: 12.6_ES2_ET3
    Affected: 12.6_ES2_ET4
    Affected: 12.6_ES3_ET1
    Affected: 12.6_ES3_ET2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-03T19:09:37.153152Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:29.581Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.019Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ece-xss-CSQxgxfM",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CSQxgxfM"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5a"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET4"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES3_ET2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:22:22.902Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ece-xss-CSQxgxfM",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CSQxgxfM"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-xss-CSQxgxfM",
            "defects": [
              "CSCwi28527"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20367",
        "datePublished": "2024-04-03T16:22:22.902Z",
        "dateReserved": "2023-11-08T15:08:07.653Z",
        "dateUpdated": "2024-08-01T21:59:42.019Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-44487 (GCVE-0-2023-44487)

    Vulnerability from nvd – Published: 2023-10-10 00:00 – Updated: 2026-05-12 10:52
    VLAI CISA KEVIntel
    Summary
    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://github.com/dotnet/core/blob/e4613450ea0da…
    https://blog.cloudflare.com/technical-breakdown-h…
    https://aws.amazon.com/security/security-bulletin…
    https://cloud.google.com/blog/products/identity-s…
    https://www.nginx.com/blog/http-2-rapid-reset-att…
    https://cloud.google.com/blog/products/identity-s…
    https://news.ycombinator.com/item?id=37831062
    https://blog.cloudflare.com/zero-day-rapid-reset-…
    https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
    https://github.com/envoyproxy/envoy/pull/30055
    https://github.com/haproxy/haproxy/issues/2312
    https://github.com/eclipse/jetty.project/issues/10679
    https://forums.swift.org/t/swift-nio-http2-securi…
    https://github.com/nghttp2/nghttp2/pull/1961
    https://github.com/netty/netty/commit/58f75f665aa…
    https://github.com/alibaba/tengine/issues/1872
    https://github.com/apache/tomcat/tree/main/java/o…
    https://news.ycombinator.com/item?id=37830987
    https://news.ycombinator.com/item?id=37830998
    https://github.com/caddyserver/caddy/issues/5877
    https://www.bleepingcomputer.com/news/security/ne…
    https://github.com/bcdannyboy/CVE-2023-44487
    https://github.com/grpc/grpc-go/pull/6703
    https://github.com/icing/mod_h2/blob/0a864782af0a…
    https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
    https://mailman.nginx.org/pipermail/nginx-devel/2…
    https://my.f5.com/manage/s/article/K000137106
    https://msrc.microsoft.com/blog/2023/10/microsoft…
    https://bugzilla.proxmox.com/show_bug.cgi?id=4988
    https://cgit.freebsd.org/ports/commit/?id=c64c329…
    http://www.openwall.com/lists/oss-security/2023/10/10/7 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/10/6 mailing-list
    https://seanmonstar.com/post/730794151136935936/h…
    https://github.com/microsoft/CBL-Mariner/pull/6381
    https://groups.google.com/g/golang-announce/c/iNN…
    https://github.com/facebook/proxygen/pull/466
    https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a…
    https://github.com/micrictor/http2-rst-stream
    https://edg.io/lp/blog/resets-leaks-ddos-and-the-…
    https://openssf.org/blog/2023/10/10/http-2-rapid-…
    https://github.com/h2o/h2o/security/advisories/GH…
    https://github.com/h2o/h2o/pull/3291
    https://github.com/nodejs/node/pull/50121
    https://github.com/dotnet/announcements/issues/277
    https://github.com/golang/go/issues/63417
    https://github.com/advisories/GHSA-vx74-f528-fxqg
    https://github.com/apache/trafficserver/pull/10564
    https://msrc.microsoft.com/update-guide/vulnerabi…
    https://tomcat.apache.org/security-10.html#Fixed_…
    https://lists.apache.org/thread/5py8h42mxfsn8l1wy…
    https://www.openwall.com/lists/oss-security/2023/…
    https://www.haproxy.com/blog/haproxy-is-not-affec…
    https://github.com/opensearch-project/data-preppe…
    https://github.com/kubernetes/kubernetes/pull/121120
    https://github.com/oqtane/oqtane.framework/discus…
    https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
    https://netty.io/news/2023/10/10/4-1-100-Final.html
    https://www.cisa.gov/news-events/alerts/2023/10/1…
    https://www.theregister.com/2023/10/10/http2_rapi…
    https://blog.qualys.com/vulnerabilities-threat-re…
    https://news.ycombinator.com/item?id=37837043
    https://github.com/kazu-yamamoto/http2/issues/93
    https://martinthomson.github.io/h2-stream-limits/…
    https://github.com/kazu-yamamoto/http2/commit/f61…
    https://github.com/apache/httpd/blob/afcdbeebbff4…
    https://www.debian.org/security/2023/dsa-5522 vendor-advisory
    https://www.debian.org/security/2023/dsa-5521 vendor-advisory
    https://access.redhat.com/security/cve/cve-2023-44487
    https://github.com/ninenines/cowboy/issues/1615
    https://github.com/varnishcache/varnish-cache/iss…
    https://github.com/tempesta-tech/tempesta/issues/1986
    https://blog.vespa.ai/cve-2023-44487/
    https://github.com/etcd-io/etcd/issues/16740
    https://www.darkreading.com/cloud/internet-wide-z…
    https://istio.io/latest/news/security/istio-secur…
    https://github.com/junkurihara/rust-rpxy/issues/97
    https://bugzilla.suse.com/show_bug.cgi?id=1216123
    https://bugzilla.redhat.com/show_bug.cgi?id=2242803
    https://ubuntu.com/security/CVE-2023-44487
    https://community.traefik.io/t/is-traefik-vulnera…
    https://github.com/advisories/GHSA-qppj-fm5r-hxr3
    https://github.com/apache/httpd-site/pull/10
    https://github.com/projectcontour/contour/pull/5826
    https://github.com/linkerd/website/pull/1695/comm…
    https://github.com/line/armeria/pull/5232
    https://blog.litespeedtech.com/2023/10/11/rapid-r…
    https://security.paloaltonetworks.com/CVE-2023-44487
    https://github.com/akka/akka-http/issues/4323
    https://github.com/openresty/openresty/issues/930
    https://github.com/apache/apisix/issues/10320
    https://github.com/Azure/AKS/issues/3947
    https://github.com/Kong/kong/discussions/11741
    https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
    https://www.netlify.com/blog/netlify-successfully…
    https://github.com/caddyserver/caddy/releases/tag…
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/13/4 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/13/9 mailing-list
    https://arstechnica.com/security/2023/10/how-ddos…
    https://lists.w3.org/Archives/Public/ietf-http-wg…
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://security.netapp.com/advisory/ntap-2023101…
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/18/4 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/18/8 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/19/6 mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    http://www.openwall.com/lists/oss-security/2023/10/20/8 mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://www.debian.org/security/2023/dsa-5540 vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://discuss.hashicorp.com/t/hcsec-2023-32-vau…
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://www.debian.org/security/2023/dsa-5549 vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://www.debian.org/security/2023/dsa-5558 vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://security.gentoo.org/glsa/202311-09 vendor-advisory
    https://www.debian.org/security/2023/dsa-5570 vendor-advisory
    https://security.netapp.com/advisory/ntap-2024042…
    https://security.netapp.com/advisory/ntap-2024062…
    https://security.netapp.com/advisory/ntap-2024062…
    https://github.com/grpc/grpc/releases/tag/v1.59.2
    https://sec.cloudapps.cisco.com/security/center/c…
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://www.vicarius.io/vsociety/posts/rapid-rese…
    http://www.openwall.com/lists/oss-security/2025/08/13/6
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "http",
                "vendor": "ietf",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-44487",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-23T20:34:21.334116Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-10-10",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:35.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-10-10T00:00:00.000Z",
                "value": "CVE-2023-44487 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:08:27.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37831062"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/envoyproxy/envoy/pull/30055"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/haproxy/haproxy/issues/2312"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/eclipse/jetty.project/issues/10679"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nghttp2/nghttp2/pull/1961"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/alibaba/tengine/issues/1872"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37830987"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37830998"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/caddyserver/caddy/issues/5877"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/bcdannyboy/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc-go/pull/6703"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000137106"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/proxygen/pull/466"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/micrictor/http2-rst-stream"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/h2o/h2o/pull/3291"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nodejs/node/pull/50121"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/dotnet/announcements/issues/277"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/golang/go/issues/63417"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/trafficserver/pull/10564"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kubernetes/kubernetes/pull/121120"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37837043"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kazu-yamamoto/http2/issues/93"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
              },
              {
                "name": "DSA-5522",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5522"
              },
              {
                "name": "DSA-5521",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5521"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ninenines/cowboy/issues/1615"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.vespa.ai/cve-2023-44487/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/etcd-io/etcd/issues/16740"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ubuntu.com/security/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/httpd-site/pull/10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/projectcontour/contour/pull/5826"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/line/armeria/pull/5232"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/akka/akka-http/issues/4323"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openresty/openresty/issues/930"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/apisix/issues/10320"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Azure/AKS/issues/3947"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Kong/kong/discussions/11741"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
              },
              {
                "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
              },
              {
                "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
              },
              {
                "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
              },
              {
                "name": "FEDORA-2023-ed2642fd58",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
              },
              {
                "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
              },
              {
                "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
              },
              {
                "name": "[oss-security] 20231018 Vulnerability in Jenkins",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
              },
              {
                "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
              },
              {
                "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
              },
              {
                "name": "FEDORA-2023-54fadada12",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
              },
              {
                "name": "FEDORA-2023-5ff7bf1dd8",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
              },
              {
                "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
              },
              {
                "name": "FEDORA-2023-17efd3f2cd",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
              },
              {
                "name": "FEDORA-2023-d5030c983c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
              },
              {
                "name": "FEDORA-2023-0259c3f26f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
              },
              {
                "name": "FEDORA-2023-2a9214af5f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
              },
              {
                "name": "FEDORA-2023-e9c04d81c1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
              },
              {
                "name": "FEDORA-2023-f66fc0f62a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
              },
              {
                "name": "FEDORA-2023-4d2fd884ea",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
              },
              {
                "name": "FEDORA-2023-b2c50535cb",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
              },
              {
                "name": "FEDORA-2023-fe53e13b5b",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
              },
              {
                "name": "FEDORA-2023-4bf641255e",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
              },
              {
                "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
              },
              {
                "name": "DSA-5540",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5540"
              },
              {
                "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
              },
              {
                "name": "FEDORA-2023-1caffb88af",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
              },
              {
                "name": "FEDORA-2023-3f70b8d406",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
              },
              {
                "name": "FEDORA-2023-7b52921cae",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
              },
              {
                "name": "FEDORA-2023-7934802344",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
              },
              {
                "name": "FEDORA-2023-dbe64661af",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
              },
              {
                "name": "FEDORA-2023-822aab0a5a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
              },
              {
                "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
              },
              {
                "name": "DSA-5549",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5549"
              },
              {
                "name": "FEDORA-2023-c0c6a91330",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
              },
              {
                "name": "FEDORA-2023-492b7be466",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
              },
              {
                "name": "DSA-5558",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5558"
              },
              {
                "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
              },
              {
                "name": "GLSA-202311-09",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-09"
              },
              {
                "name": "DSA-5570",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5570"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
              },
              {
                "url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINEC NMS",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T10:52:23.784Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-341067.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-07T20:05:34.376Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
            },
            {
              "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
            },
            {
              "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
            },
            {
              "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
            },
            {
              "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
            },
            {
              "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37831062"
            },
            {
              "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
            },
            {
              "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
            },
            {
              "url": "https://github.com/envoyproxy/envoy/pull/30055"
            },
            {
              "url": "https://github.com/haproxy/haproxy/issues/2312"
            },
            {
              "url": "https://github.com/eclipse/jetty.project/issues/10679"
            },
            {
              "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
            },
            {
              "url": "https://github.com/nghttp2/nghttp2/pull/1961"
            },
            {
              "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
            },
            {
              "url": "https://github.com/alibaba/tengine/issues/1872"
            },
            {
              "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37830987"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37830998"
            },
            {
              "url": "https://github.com/caddyserver/caddy/issues/5877"
            },
            {
              "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
            },
            {
              "url": "https://github.com/bcdannyboy/CVE-2023-44487"
            },
            {
              "url": "https://github.com/grpc/grpc-go/pull/6703"
            },
            {
              "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
            },
            {
              "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
            },
            {
              "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
            },
            {
              "url": "https://my.f5.com/manage/s/article/K000137106"
            },
            {
              "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
            },
            {
              "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
            },
            {
              "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
            },
            {
              "name": "[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
            },
            {
              "name": "[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
            },
            {
              "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
            },
            {
              "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
            },
            {
              "url": "https://github.com/facebook/proxygen/pull/466"
            },
            {
              "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
            },
            {
              "url": "https://github.com/micrictor/http2-rst-stream"
            },
            {
              "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
            },
            {
              "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
            },
            {
              "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
            },
            {
              "url": "https://github.com/h2o/h2o/pull/3291"
            },
            {
              "url": "https://github.com/nodejs/node/pull/50121"
            },
            {
              "url": "https://github.com/dotnet/announcements/issues/277"
            },
            {
              "url": "https://github.com/golang/go/issues/63417"
            },
            {
              "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
            },
            {
              "url": "https://github.com/apache/trafficserver/pull/10564"
            },
            {
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
            },
            {
              "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
            },
            {
              "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
            },
            {
              "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
            },
            {
              "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
            },
            {
              "url": "https://github.com/kubernetes/kubernetes/pull/121120"
            },
            {
              "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
            },
            {
              "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
            },
            {
              "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
            },
            {
              "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
            },
            {
              "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
            },
            {
              "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37837043"
            },
            {
              "url": "https://github.com/kazu-yamamoto/http2/issues/93"
            },
            {
              "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
            },
            {
              "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
            },
            {
              "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
            },
            {
              "name": "DSA-5522",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5522"
            },
            {
              "name": "DSA-5521",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5521"
            },
            {
              "url": "https://access.redhat.com/security/cve/cve-2023-44487"
            },
            {
              "url": "https://github.com/ninenines/cowboy/issues/1615"
            },
            {
              "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
            },
            {
              "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
            },
            {
              "url": "https://blog.vespa.ai/cve-2023-44487/"
            },
            {
              "url": "https://github.com/etcd-io/etcd/issues/16740"
            },
            {
              "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
            },
            {
              "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
            },
            {
              "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
            },
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
            },
            {
              "url": "https://ubuntu.com/security/CVE-2023-44487"
            },
            {
              "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
            },
            {
              "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
            },
            {
              "url": "https://github.com/apache/httpd-site/pull/10"
            },
            {
              "url": "https://github.com/projectcontour/contour/pull/5826"
            },
            {
              "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
            },
            {
              "url": "https://github.com/line/armeria/pull/5232"
            },
            {
              "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
            },
            {
              "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
            },
            {
              "url": "https://github.com/akka/akka-http/issues/4323"
            },
            {
              "url": "https://github.com/openresty/openresty/issues/930"
            },
            {
              "url": "https://github.com/apache/apisix/issues/10320"
            },
            {
              "url": "https://github.com/Azure/AKS/issues/3947"
            },
            {
              "url": "https://github.com/Kong/kong/discussions/11741"
            },
            {
              "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
            },
            {
              "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
            },
            {
              "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
            },
            {
              "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
            },
            {
              "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
            },
            {
              "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
            },
            {
              "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
            },
            {
              "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
            },
            {
              "name": "FEDORA-2023-ed2642fd58",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
            },
            {
              "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
            },
            {
              "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
            },
            {
              "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
            },
            {
              "name": "[oss-security] 20231018 Vulnerability in Jenkins",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
            },
            {
              "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
            },
            {
              "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
            },
            {
              "name": "FEDORA-2023-54fadada12",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
            },
            {
              "name": "FEDORA-2023-5ff7bf1dd8",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
            },
            {
              "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
            },
            {
              "name": "FEDORA-2023-17efd3f2cd",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
            },
            {
              "name": "FEDORA-2023-d5030c983c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
            },
            {
              "name": "FEDORA-2023-0259c3f26f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
            },
            {
              "name": "FEDORA-2023-2a9214af5f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
            },
            {
              "name": "FEDORA-2023-e9c04d81c1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
            },
            {
              "name": "FEDORA-2023-f66fc0f62a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
            },
            {
              "name": "FEDORA-2023-4d2fd884ea",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
            },
            {
              "name": "FEDORA-2023-b2c50535cb",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
            },
            {
              "name": "FEDORA-2023-fe53e13b5b",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
            },
            {
              "name": "FEDORA-2023-4bf641255e",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
            },
            {
              "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
            },
            {
              "name": "DSA-5540",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5540"
            },
            {
              "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
            },
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
            },
            {
              "name": "FEDORA-2023-1caffb88af",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
            },
            {
              "name": "FEDORA-2023-3f70b8d406",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
            },
            {
              "name": "FEDORA-2023-7b52921cae",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
            },
            {
              "name": "FEDORA-2023-7934802344",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
            },
            {
              "name": "FEDORA-2023-dbe64661af",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
            },
            {
              "name": "FEDORA-2023-822aab0a5a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
            },
            {
              "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
            },
            {
              "name": "DSA-5549",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5549"
            },
            {
              "name": "FEDORA-2023-c0c6a91330",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
            },
            {
              "name": "FEDORA-2023-492b7be466",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
            },
            {
              "name": "DSA-5558",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5558"
            },
            {
              "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
            },
            {
              "name": "GLSA-202311-09",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202311-09"
            },
            {
              "name": "DSA-5570",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5570"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
            },
            {
              "url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
            },
            {
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-44487",
        "datePublished": "2023-10-10T00:00:00.000Z",
        "dateReserved": "2023-09-29T00:00:00.000Z",
        "dateUpdated": "2026-05-12T10:52:23.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-20802 (GCVE-0-2022-20802)

    Vulnerability from nvd – Published: 2022-05-27 14:06 – Updated: 2024-11-06 16:13
    VLAI
    Title
    Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2022-05-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.859Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220518 Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-strd-xss-BqFXO9D2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20802",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:58:10.731668Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:13:05.071Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-05-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-27T14:06:33.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220518 Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-strd-xss-BqFXO9D2"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-strd-xss-BqFXO9D2",
            "defect": [
              [
                "CSCwa92119"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-05-18T23:00:00",
              "ID": "CVE-2022-20802",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Enterprise Chat and Email",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "5.4",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220518 Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-strd-xss-BqFXO9D2"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ece-strd-xss-BqFXO9D2",
              "defect": [
                [
                  "CSCwa92119"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20802",
        "datePublished": "2022-05-27T14:06:34.048Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:13:05.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44228 (GCVE-0-2021-44228)

    Vulnerability from nvd – Published: 2021-12-10 00:00 – Updated: 2025-10-21 23:25
    Title
    Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
    Summary
    Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-20 - Improper Input Validation
    Assigner
    References
    URL Tags
    https://logging.apache.org/log4j/2.x/security.html
    http://www.openwall.com/lists/oss-security/2021/12/10/1 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/10/2 mailing-list
    https://tools.cisco.com/security/center/content/C… vendor-advisory
    http://www.openwall.com/lists/oss-security/2021/12/10/3 mailing-list
    https://security.netapp.com/advisory/ntap-2021121…
    http://packetstormsecurity.com/files/165225/Apach…
    https://psirt.global.sonicwall.com/vuln-detail/SN…
    https://www.oracle.com/security-alerts/alert-cve-…
    https://www.debian.org/security/2021/dsa-5020 vendor-advisory
    https://lists.debian.org/debian-lts-announce/2021… mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://msrc-blog.microsoft.com/2021/12/11/micros… vendor-advisory
    http://www.openwall.com/lists/oss-security/2021/12/13/2 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/13/1 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/14/4 mailing-list
    https://www.kb.cert.org/vuls/id/930724 third-party-advisory
    https://twitter.com/kurtseifried/status/146934553…
    https://cert-portal.siemens.com/productcert/pdf/s…
    http://packetstormsecurity.com/files/165260/VMwar…
    http://packetstormsecurity.com/files/165270/Apach…
    http://packetstormsecurity.com/files/165261/Apach…
    https://www.intel.com/content/www/us/en/security-…
    http://www.openwall.com/lists/oss-security/2021/12/15/3 mailing-list
    http://packetstormsecurity.com/files/165282/Log4j…
    http://packetstormsecurity.com/files/165281/Log4j…
    http://packetstormsecurity.com/files/165307/Log4j…
    http://packetstormsecurity.com/files/165311/log4j…
    http://packetstormsecurity.com/files/165306/L4sh-…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    http://packetstormsecurity.com/files/165371/VMwar…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://www.oracle.com/security-alerts/cpujan2022.html
    http://packetstormsecurity.com/files/165532/Log4S…
    https://github.com/cisagov/log4j-affected-db/blob…
    http://packetstormsecurity.com/files/165642/VMwar…
    http://packetstormsecurity.com/files/165673/UniFi…
    http://seclists.org/fulldisclosure/2022/Mar/23 mailing-list
    https://www.bentley.com/en/common-vulnerability-e…
    https://github.com/cisagov/log4j-affected-db
    https://support.apple.com/kb/HT213189
    https://www.oracle.com/security-alerts/cpuapr2022.html
    https://github.com/nu11secur1ty/CVE-mitre/tree/ma…
    https://www.nu11secur1ty.com/2021/12/cve-2021-442…
    http://seclists.org/fulldisclosure/2022/Jul/11 mailing-list
    http://packetstormsecurity.com/files/167794/Open-…
    http://packetstormsecurity.com/files/167917/Mobil…
    http://seclists.org/fulldisclosure/2022/Dec/2 mailing-list
    http://packetstormsecurity.com/files/171626/AD-Ma…
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Log4j2 Affected: 2.0-beta9 , < log4j-core* (custom)
    Create a notification for this product.
    Credits
    This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:17:24.696Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://logging.apache.org/log4j/2.x/security.html"
              },
              {
                "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
              },
              {
                "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
              },
              {
                "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
              },
              {
                "name": "DSA-5020",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-5020"
              },
              {
                "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
              },
              {
                "name": "FEDORA-2021-f0f501d01f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
              },
              {
                "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
              },
              {
                "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
              },
              {
                "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
              },
              {
                "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
              },
              {
                "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "VU#930724",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/930724"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
              },
              {
                "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
              },
              {
                "name": "FEDORA-2021-66d6c484f3",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
              },
              {
                "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/cisagov/log4j-affected-db"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT213189"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
              },
              {
                "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
              },
              {
                "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 10,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-44228",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T14:25:34.416117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-12-10",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:23.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-12-10T00:00:00.000Z",
                "value": "CVE-2021-44228 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Log4j2",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.3.1",
                      "status": "unaffected"
                    },
                    {
                      "at": "2.4",
                      "status": "affected"
                    },
                    {
                      "at": "2.12.2",
                      "status": "unaffected"
                    },
                    {
                      "at": "2.13.0",
                      "status": "affected"
                    },
                    {
                      "at": "2.15.0",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "log4j-core*",
                  "status": "affected",
                  "version": "2.0-beta9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "other": "critical"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-03T00:00:00.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "url": "https://logging.apache.org/log4j/2.x/security.html"
            },
            {
              "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
            },
            {
              "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
            },
            {
              "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
            },
            {
              "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
            },
            {
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
            },
            {
              "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
            },
            {
              "name": "DSA-5020",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-5020"
            },
            {
              "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
            },
            {
              "name": "FEDORA-2021-f0f501d01f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
            },
            {
              "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
            },
            {
              "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
            },
            {
              "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
            },
            {
              "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
            },
            {
              "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "VU#930724",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.kb.cert.org/vuls/id/930724"
            },
            {
              "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
            },
            {
              "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
            },
            {
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
            },
            {
              "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
            },
            {
              "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
            },
            {
              "name": "FEDORA-2021-66d6c484f3",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
            },
            {
              "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
            },
            {
              "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
            },
            {
              "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
            },
            {
              "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
            },
            {
              "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
            },
            {
              "url": "https://github.com/cisagov/log4j-affected-db"
            },
            {
              "url": "https://support.apple.com/kb/HT213189"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
            },
            {
              "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
            },
            {
              "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
            },
            {
              "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
            },
            {
              "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
            },
            {
              "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2021-44228",
        "datePublished": "2021-12-10T00:00:00.000Z",
        "dateReserved": "2021-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:23.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1877 (GCVE-0-2019-1877)

    Vulnerability from nvd – Published: 2019-11-05 19:25 – Updated: 2024-11-21 19:05
    VLAI
    Title
    Cisco Enterprise Chat and Email Attachment Download Vulnerability
    Summary
    A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to download files that other users attach through the chat feature. This vulnerability affects versions prior to 12.0(1)ES1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: unspecified , < 12.0(1)ES1 (custom)
    Create a notification for this product.
    Date Public
    2019-06-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:28:42.955Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190619 Cisco Enterprise Chat and Email Attachment Download Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-ecea-dwnload"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1877",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T18:55:51.330414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T19:05:56.918Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "12.0(1)ES1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-06-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to download files that other users attach through the chat feature. This vulnerability affects versions prior to 12.0(1)ES1."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-05T19:25:36.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20190619 Cisco Enterprise Chat and Email Attachment Download Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-ecea-dwnload"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20190619-ecea-dwnload",
            "defect": [
              [
                "CSCvo99235"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Attachment Download Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-06-19T16:00:00-0700",
              "ID": "CVE-2019-1877",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Enterprise Chat and Email Attachment Download Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Enterprise Chat and Email",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "12.0(1)ES1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to download files that other users attach through the chat feature. This vulnerability affects versions prior to 12.0(1)ES1."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190619 Cisco Enterprise Chat and Email Attachment Download Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-ecea-dwnload"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20190619-ecea-dwnload",
              "defect": [
                [
                  "CSCvo99235"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-1877",
        "datePublished": "2019-11-05T19:25:36.092Z",
        "dateReserved": "2018-12-06T00:00:00.000Z",
        "dateUpdated": "2024-11-21T19:05:56.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1870 (GCVE-0-2019-1870)

    Vulnerability from nvd – Published: 2019-06-05 16:30 – Updated: 2024-11-21 19:22
    VLAI
    Title
    Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface or allow the attacker to access sensitive browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/108645 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: unspecified , < 11.6(1) (custom)
    Create a notification for this product.
    Date Public
    2019-06-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:28:42.879Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190605 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ece-xss"
              },
              {
                "name": "108645",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108645"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1870",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T18:58:13.778975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T19:22:37.120Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "11.6(1)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-06-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface or allow the attacker to access sensitive browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-06T14:06:04.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20190605 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ece-xss"
            },
            {
              "name": "108645",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108645"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20190605-ece-xss",
            "defect": [
              [
                "CSCvo85826"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-06-05T16:00:00-0700",
              "ID": "CVE-2019-1870",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Enterprise Chat and Email",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "11.6(1)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface or allow the attacker to access sensitive browser-based information."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190605 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ece-xss"
                },
                {
                  "name": "108645",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108645"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20190605-ece-xss",
              "defect": [
                [
                  "CSCvo85826"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-1870",
        "datePublished": "2019-06-05T16:30:38.980Z",
        "dateReserved": "2018-12-06T00:00:00.000Z",
        "dateUpdated": "2024-11-21T19:22:37.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1702 (GCVE-0-2019-1702)

    Vulnerability from nvd – Published: 2019-03-11 22:00 – Updated: 2024-11-21 19:42
    VLAI
    Title
    Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit these vulnerabilities either by injecting malicious code in a chat window or by sending a crafted link to a user of the interface. In both cases, the attacker must persuade the user to click the crafted link or open the chat window that contains the attacker's code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 11.6(1) is affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/107314 vdb-entryx_refsource_BID
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2019-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:28:41.984Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "107314",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107314"
              },
              {
                "name": "20190306 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-chatmail-xss"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1702",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T18:59:58.305225Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T19:42:32.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)"
                }
              ]
            }
          ],
          "datePublic": "2019-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit these vulnerabilities either by injecting malicious code in a chat window or by sending a crafted link to a user of the interface. In both cases, the attacker must persuade the user to click the crafted link or open the chat window that contains the attacker\u0027s code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 11.6(1) is affected."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-12T09:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "107314",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107314"
            },
            {
              "name": "20190306 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-chatmail-xss"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20190306-chatmail-xss",
            "defect": [
              [
                "CSCvn77926",
                "CSCvn77927"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-03-06T16:00:00-0800",
              "ID": "CVE-2019-1702",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Enterprise Chat and Email",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.6(1)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit these vulnerabilities either by injecting malicious code in a chat window or by sending a crafted link to a user of the interface. In both cases, the attacker must persuade the user to click the crafted link or open the chat window that contains the attacker\u0027s code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 11.6(1) is affected."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "107314",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107314"
                },
                {
                  "name": "20190306 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-chatmail-xss"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20190306-chatmail-xss",
              "defect": [
                [
                  "CSCvn77926",
                  "CSCvn77927"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-1702",
        "datePublished": "2019-03-11T22:00:00.000Z",
        "dateReserved": "2018-12-06T00:00:00.000Z",
        "dateUpdated": "2024-11-21T19:42:32.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20310 (GCVE-0-2025-20310)

    Vulnerability from cvelistv5 – Published: 2025-07-02 16:05 – Updated: 2025-07-02 17:32
    VLAI
    Title
    Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid&nbsp;agent&nbsp;credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 12.0(1)_ES6
    Affected: 11.6(1)_ES8
    Affected: 12.0(1)_ES5a
    Affected: 11.6(1)_ES9
    Affected: 12.0(1)_ES6_ET1
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES5
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.0(1)_ES3
    Affected: 11.6(1)_ES11
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES10
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)
    Affected: 12.5(1)_ES3
    Affected: 12.6(1)
    Affected: 11.5(1)
    Affected: 12.0(1)_ES2
    Affected: 11.6(1)_ES7
    Affected: 12.5(1)_ES2
    Affected: 12.6(1)_ET1
    Affected: 11.6(1)
    Affected: 12.5(1)_ES1
    Affected: 11.5(1)_ES1_ET1
    Affected: 11.6(1)_ES6_ET1
    Affected: 11.6(1)_ES1
    Affected: 11.6(1)_ES8_ET1
    Affected: 11.5(1)_ES1
    Affected: 12.6(1)_ET2
    Affected: 12.5(1)_ES3_ET2
    Affected: 12.0(1)_ES6_ET2
    Affected: 12.6(1)_ES1
    Affected: 12.5(1)_ES4
    Affected: 11.6(1)_ES12
    Affected: 12.6(1)_ET3
    Affected: 12.5(1)_ES4_ET1
    Affected: 12.0(1)_ES6_ET3
    Affected: 12.6(1)_ES1_ET1
    Affected: 12.6(1)_ES2
    Affected: 12.6_ES2_ET1
    Affected: 12.5(1)_ES5
    Affected: 12.6_ES2_ET2
    Affected: 12.0(1)_ES7
    Affected: 12.6_ES2_ET3
    Affected: 12.0(1)_ES7_ET1
    Affected: 12.5(1)_ES5_ET1
    Affected: 12.6_ES2_ET4
    Affected: 12.6(1)_ES3
    Affected: 11.6(1)_ES12_ET1
    Affected: 12.6_ES3_ET1
    Affected: 12.5(1)_ES6
    Affected: 12.6_ES3_ET2
    Affected: 12.6(1)_ES4
    Affected: 12.5(1)_ES7
    Affected: 12.6(1)_ES4_ET1
    Affected: 12.6(1)_ES5
    Affected: 12.6(1)_ES5_ET1
    Affected: 12.6(1)_ES5_ET2
    Affected: 12.6(1)_ES6
    Affected: 12.6(1)_ES6_ET1
    Affected: 12.5(1)_ES8
    Affected: 12.6(1)_ES6_ET2
    Affected: 12.6(1)_ES7
    Affected: 12.6(1)_ES8
    Affected: 12.6(1)_ES4_ET2
    Affected: 12.6(1)_ES3_ET3
    Affected: 12.6(1)_ES2_ET5
    Affected: 12.6(1)_ES1_ET2
    Affected: 12.6(1)_ES8_ET1
    Affected: 12.6(1)_ES7_ET1
    Affected: 12.6(1)_ES6_ET3
    Affected: 12.6(1)_ES5_ET3
    Affected: 12.5(1)_ES8_ET1
    Affected: 12.5(1)_ES3_ET3
    Affected: 12.5(1)_ES5_ET2
    Affected: 12.5(1)_ES6_ET1
    Affected: 12.5(1)_ES4_ET2
    Affected: 12.5(1)_ES7_ET1
    Affected: 12.6(1)_ES8_ET2
    Affected: 12.6(1)_ES9
    Affected: 12.6(1)_ES9_ET1
    Affected: 12.5(1)_ES9
    Affected: 12.6(1)_ES9_ET2
    Affected: 12.6(1)_ES9_ET3
    Affected: 12.6(1)_ES10
    Affected: 12.6(1)_ES10_ET1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-02T17:28:39.761037Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-02T17:32:09.591Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES1_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET4"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES12_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES3_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES3_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES2_ET5"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES8_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES10_ET1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid\u0026nbsp;agent\u0026nbsp;credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-02T16:39:49.265Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ece-xss-CbtKtEYc",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-xss-CbtKtEYc",
            "defects": [
              "CSCwo21879"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20310",
        "datePublished": "2025-07-02T16:05:43.738Z",
        "dateReserved": "2024-10-10T19:15:13.253Z",
        "dateUpdated": "2025-07-02T17:32:09.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20139 (GCVE-0-2025-20139)

    Vulnerability from cvelistv5 – Published: 2025-04-02 16:16 – Updated: 2025-04-02 16:33
    VLAI
    Summary
    A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit this vulnerability by sending malicious requests to a messaging chat entry point in the affected application. A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-185 - Incorrect Regular Expression
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 11.6(1)_ES5
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES10
    Affected: 11.6(1)_ES11
    Affected: 11.6(1)_ES7
    Affected: 11.6(1)_ES8
    Affected: 11.6(1)_ES9
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES12
    Affected: 11.6(1)_ES12_ET1
    Affected: 12.0(1)
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)_ES2
    Affected: 12.0(1)_ES3
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 12.0(1)_ES5a
    Affected: 12.0(1)_ES6
    Affected: 12.0(1)_ES6_ET1
    Affected: 12.0(1)_ES6_ET2
    Affected: 12.0(1)_ES6_ET3
    Affected: 12.0(1)_ES7
    Affected: 12.0(1)_ES7_ET1
    Affected: 12.5(1)
    Affected: 12.5(1)_ES1
    Affected: 12.5(1)_ES2
    Affected: 12.5(1)_ES3
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)_ES4
    Affected: 12.5(1)_ES3_ET2
    Affected: 12.5(1)_ES4_ET1
    Affected: 12.5(1)_ES5
    Affected: 12.5(1)_ES5_ET1
    Affected: 12.5(1)_ES6
    Affected: 12.5(1)_ES7
    Affected: 12.5(1)_ES8
    Affected: 12.5(1)_ES8_ET1
    Affected: 12.5(1)_ES3_ET3
    Affected: 12.5(1)_ES5_ET2
    Affected: 12.5(1)_ES6_ET1
    Affected: 12.5(1)_ES4_ET2
    Affected: 12.5(1)_ES7_ET1
    Affected: 12.5(1)_ES9
    Affected: 12.6(1)
    Affected: 12.6(1)_ET1
    Affected: 12.6(1)_ET2
    Affected: 12.6(1)_ES1
    Affected: 12.6(1)_ET3
    Affected: 12.6(1)_ES1_ET1
    Affected: 12.6(1)_ES2
    Affected: 12.6(1)_ES3
    Affected: 12.6(1)_ES4
    Affected: 12.6(1)_ES4_ET1
    Affected: 12.6(1)_ES5
    Affected: 12.6(1)_ES5_ET1
    Affected: 12.6(1)_ES5_ET2
    Affected: 12.6(1)_ES6
    Affected: 12.6(1)_ES6_ET1
    Affected: 12.6(1)_ES6_ET2
    Affected: 12.6(1)_ES7
    Affected: 12.6(1)_ES8
    Affected: 12.6(1)_ES4_ET2
    Affected: 12.6(1)_ES3_ET3
    Affected: 12.6(1)_ES2_ET5
    Affected: 12.6(1)_ES1_ET2
    Affected: 12.6(1)_ES8_ET1
    Affected: 12.6(1)_ES7_ET1
    Affected: 12.6(1)_ES6_ET3
    Affected: 12.6(1)_ES5_ET3
    Affected: 12.6(1)_ES8_ET2
    Affected: 12.6(1)_ES9
    Affected: 12.6(1)_ES9_ET1
    Affected: 12.6(1)_ES9_ET2
    Affected: 12.6(1)_ES9_ET3
    Affected: 12.6_ES2_ET1
    Affected: 12.6_ES2_ET2
    Affected: 12.6_ES2_ET3
    Affected: 12.6_ES2_ET4
    Affected: 12.6_ES3_ET1
    Affected: 12.6_ES3_ET2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T16:33:38.164036Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-02T16:33:45.699Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES12_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5a"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES8_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES3_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES2_ET5"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET4"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES3_ET2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit this vulnerability by sending malicious requests to a messaging chat entry point in the affected application. A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-185",
                  "description": "Incorrect Regular Expression",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-02T16:16:17.546Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ece-dos-tC6m9GZ8",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-tC6m9GZ8"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-dos-tC6m9GZ8",
            "defects": [
              "CSCwm08282"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20139",
        "datePublished": "2025-04-02T16:16:17.546Z",
        "dateReserved": "2024-10-10T19:15:13.213Z",
        "dateUpdated": "2025-04-02T16:33:45.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20633 (GCVE-0-2022-20633)

    Vulnerability from cvelistv5 – Published: 2024-11-15 16:15 – Updated: 2024-11-15 21:35
    VLAI
    Title
    Cisco Enterprise Chat and Email Username Enumeration Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco&nbsp;ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. This vulnerability is due to differences in authentication responses that are sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to an affected device. A successful exploit could allow the attacker to confirm existing user accounts, which could be used in further attacks. Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable Response Discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 12.0(1)_ES6
    Affected: 11.6(1)_ES8
    Affected: 12.0(1)_ES5a
    Affected: 11.6(1)_ES9
    Affected: 12.0(1)_ES6_ET1
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES5
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.0(1)_ES3
    Affected: 11.6(1)_ES11
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES10
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)
    Affected: 12.5(1)_ES3
    Affected: 12.6(1)
    Affected: 11.5(1)
    Affected: 12.0(1)_ES2
    Affected: 11.6(1)_ES7
    Affected: 12.5(1)_ES2
    Affected: 12.6(1)_ET1
    Affected: 11.6(1)
    Affected: 12.5(1)_ES1
    Create a notification for this product.
    cisco enterprise_chat_and_email Affected: 0 , < 12.6(1)_ES1 (custom)
        cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_chat_and_email",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThan": "12.6(1)_ES1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20633",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T18:00:16.076880Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T21:35:35.232Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device.\r\n\r\nThis vulnerability is due to differences in authentication responses that are sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to an affected device. A successful exploit could allow the attacker to confirm existing user accounts, which could be used in further attacks.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "Observable Response Discrepancy",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T16:15:01.284Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ece-multivulns-kbK2yVhR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-multivulns-kbK2yVhR",
            "defects": [
              "CSCvz20450"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Username Enumeration Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20633",
        "datePublished": "2024-11-15T16:15:01.284Z",
        "dateReserved": "2021-11-02T13:28:29.030Z",
        "dateUpdated": "2024-11-15T21:35:35.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20632 (GCVE-0-2022-20632)

    Vulnerability from cvelistv5 – Published: 2024-11-15 16:14 – Updated: 2024-11-15 18:00
    VLAI
    Title
    Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco&nbsp;ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 12.0(1)_ES6
    Affected: 11.6(1)_ES8
    Affected: 12.0(1)_ES5a
    Affected: 11.6(1)_ES9
    Affected: 12.0(1)_ES6_ET1
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES5
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.0(1)_ES3
    Affected: 11.6(1)_ES11
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES10
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)
    Affected: 12.5(1)_ES3
    Affected: 12.6(1)
    Affected: 11.5(1)
    Affected: 12.0(1)_ES2
    Affected: 11.6(1)_ES7
    Affected: 12.5(1)_ES2
    Affected: 12.6(1)_ET1
    Affected: 11.6(1)
    Affected: 12.5(1)_ES1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20632",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T18:00:39.476767Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T18:00:56.895Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.\r\nThe vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T16:14:53.322Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ece-multivulns-kbK2yVhR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-multivulns-kbK2yVhR",
            "defects": [
              "CSCvz20436"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20632",
        "datePublished": "2024-11-15T16:14:53.322Z",
        "dateReserved": "2021-11-02T13:28:29.030Z",
        "dateUpdated": "2024-11-15T18:00:56.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20631 (GCVE-0-2022-20631)

    Vulnerability from cvelistv5 – Published: 2024-11-15 16:03 – Updated: 2024-11-15 16:25
    VLAI
    Title
    Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco&nbsp;ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious script code in a chat window. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 12.0(1)_ES6
    Affected: 11.6(1)_ES8
    Affected: 12.0(1)_ES5a
    Affected: 11.6(1)_ES9
    Affected: 12.0(1)_ES6_ET1
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES5
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.0(1)_ES3
    Affected: 11.6(1)_ES11
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES10
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)
    Affected: 12.5(1)_ES3
    Affected: 12.6(1)
    Affected: 11.5(1)
    Affected: 12.0(1)_ES2
    Affected: 11.6(1)_ES7
    Affected: 12.5(1)_ES2
    Affected: 12.6(1)_ET1
    Affected: 11.6(1)
    Affected: 12.5(1)_ES1
    Affected: 11.5(1)_ES1_ET1
    Affected: 11.6(1)_ES1
    Affected: 11.6(1)_ES8_ET1
    Affected: 11.5(1)_ES1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20631",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T16:25:48.751392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T16:25:56.777Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES1_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.\r\nThe vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious script code in a chat window. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T16:03:36.564Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ece-multivulns-kbK2yVhR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-multivulns-kbK2yVhR",
            "defects": [
              "CSCvz20427"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20631",
        "datePublished": "2024-11-15T16:03:36.564Z",
        "dateReserved": "2021-11-02T13:28:29.029Z",
        "dateUpdated": "2024-11-15T16:25:56.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20634 (GCVE-0-2022-20634)

    Vulnerability from cvelistv5 – Published: 2024-11-15 16:02 – Updated: 2024-11-15 16:28
    VLAI
    Title
    Cisco Enterprise Chat and Email Open Redirect Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco&nbsp;ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect and is used in phishing attacks that get users to unknowingly visit malicious sites.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 12.0(1)_ES6
    Affected: 11.6(1)_ES8
    Affected: 12.0(1)_ES5a
    Affected: 11.6(1)_ES9
    Affected: 12.0(1)_ES6_ET1
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES5
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.0(1)_ES3
    Affected: 11.6(1)_ES11
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES10
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)
    Affected: 12.5(1)_ES3
    Affected: 12.6(1)
    Affected: 11.5(1)
    Affected: 12.0(1)_ES2
    Affected: 11.6(1)_ES7
    Affected: 12.5(1)_ES2
    Affected: 12.6(1)_ET1
    Affected: 11.6(1)
    Affected: 12.5(1)_ES1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20634",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T16:27:50.770905Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T16:28:24.431Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page.\r\nThis vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect and is used in phishing attacks that get users to unknowingly visit malicious sites.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T16:02:16.937Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ece-multivulns-kbK2yVhR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-multivulns-kbK2yVhR",
            "defects": [
              "CSCvz50629"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Open Redirect Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20634",
        "datePublished": "2024-11-15T16:02:16.937Z",
        "dateReserved": "2021-11-02T13:28:29.030Z",
        "dateUpdated": "2024-11-15T16:28:24.431Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20484 (GCVE-0-2024-20484)

    Vulnerability from cvelistv5 – Published: 2024-11-06 16:29 – Updated: 2024-11-06 17:20
    VLAI
    Title
    Cisco Enterprise Chat and Email Denial of Service Vulnerability
    Summary
    A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources &gt; Services &gt; Unified CCE &gt; EAAS, then click Start.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 12.0(1)_ES6
    Affected: 11.6(1)_ES9
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES5
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.0(1)_ES3
    Affected: 11.6(1)_ES11
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES10
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)
    Affected: 12.5(1)_ES3
    Affected: 12.6(1)
    Affected: 11.5(1)
    Affected: 12.0(1)_ES2
    Affected: 11.6(1)_ES7
    Affected: 12.6(1)_ET1
    Affected: 11.6(1)
    Affected: 12.6(1)_ET2
    Affected: 12.5(1)_ES3_ET2
    Affected: 12.0(1)_ES6_ET2
    Affected: 12.6(1)_ES1
    Affected: 11.6(1)_ES12
    Affected: 12.6(1)_ET3
    Affected: 12.5(1)_ES4_ET1
    Affected: 12.0(1)_ES6_ET3
    Affected: 12.6(1)_ES1_ET1
    Affected: 12.6(1)_ES2
    Affected: 12.6_ES2_ET1
    Affected: 12.5(1)_ES5
    Affected: 12.6_ES2_ET2
    Affected: 12.0(1)_ES7
    Affected: 12.6_ES2_ET3
    Affected: 12.0(1)_ES7_ET1
    Affected: 12.5(1)_ES5_ET1
    Affected: 12.6_ES2_ET4
    Affected: 12.6(1)_ES3
    Affected: 11.6(1)_ES12_ET1
    Affected: 12.6_ES3_ET1
    Affected: 12.6_ES3_ET2
    Affected: 12.6(1)_ES4
    Affected: 12.5(1)_ES7
    Affected: 12.6(1)_ES4_ET1
    Affected: 12.6(1)_ES5
    Affected: 12.6(1)_ES5_ET1
    Affected: 12.6(1)_ES5_ET2
    Affected: 12.6(1)_ES6
    Affected: 12.6(1)_ES6_ET1
    Affected: 12.5(1)_ES8
    Affected: 12.6(1)_ES6_ET2
    Affected: 12.6(1)_ES7
    Affected: 12.6(1)_ES8
    Affected: 12.6(1)_ES4_ET2
    Affected: 12.6(1)_ES3_ET3
    Affected: 12.6(1)_ES2_ET5
    Affected: 12.6(1)_ES1_ET2
    Affected: 12.6(1)_ES8_ET1
    Affected: 12.6(1)_ES7_ET1
    Affected: 12.6(1)_ES6_ET3
    Affected: 12.6(1)_ES5_ET3
    Affected: 12.5(1)_ES8_ET1
    Affected: 12.5(1)_ES3_ET3
    Affected: 12.5(1)_ES5_ET2
    Affected: 12.5(1)_ES6_ET1
    Affected: 12.5(1)_ES4_ET2
    Affected: 12.5(1)_ES7_ET1
    Affected: 12.6(1)_ES8_ET2
    Affected: 12.6(1)_ES9
    Affected: 12.6(1)_ES9_ET1
    Create a notification for this product.
    cisco enterprise_chat_and_email Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 12.0(1)_ES6
    Affected: 11.6(1)_ES9
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES5
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.0(1)_ES3
    Affected: 11.6(1)_ES11
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES10
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)
    Affected: 12.5(1)_ES3
    Affected: 12.6(1)
    Affected: 11.5(1)
    Affected: 12.0(1)_ES2
    Affected: 11.6(1)_ES7
    Affected: 12.6(1)_ET1
    Affected: 11.6(1)
    Affected: 12.6(1)_ET2
    Affected: 12.5(1)_ES3_ET2
    Affected: 12.0(1)_ES6_ET2
    Affected: 12.6(1)_ES1
    Affected: 11.6(1)_ES12
    Affected: 12.6(1)_ET3
    Affected: 12.5(1)_ES4_ET1
    Affected: 12.0(1)_ES6_ET3
    Affected: 12.6(1)_ES1_ET1
    Affected: 12.6(1)_ES2
    Affected: 12.6_ES2_ET1
    Affected: 12.5(1)_ES5
    Affected: 12.6_ES2_ET2
    Affected: 12.0(1)_ES7
    Affected: 12.6_ES2_ET3
    Affected: 12.0(1)_ES7_ET1
    Affected: 12.5(1)_ES5_ET1
    Affected: 12.6_ES2_ET4
    Affected: 12.6(1)_ES3
    Affected: 11.6(1)_ES12_ET1
    Affected: 12.6_ES3_ET1
    Affected: 12.6_ES3_ET2
    Affected: 12.6(1)_ES4
    Affected: 12.5(1)_ES7
    Affected: 12.6(1)_ES4_ET1
    Affected: 12.6(1)_ES5
    Affected: 12.6(1)_ES5_ET1
    Affected: 12.6(1)_ES5_ET2
    Affected: 12.6(1)_ES6
    Affected: 12.6(1)_ES6_ET1
    Affected: 12.5(1)_ES8
    Affected: 12.6(1)_ES6_ET2
    Affected: 12.6(1)_ES7
    Affected: 12.6(1)_ES8
    Affected: 12.6(1)_ES4_ET2
    Affected: 12.6(1)_ES3_ET3
    Affected: 12.6(1)_ES2_ET5
    Affected: 12.6(1)_ES1_ET2
    Affected: 12.6(1)_ES8_ET1
    Affected: 12.6(1)_ES7_ET1
    Affected: 12.6(1)_ES6_ET3
    Affected: 12.6(1)_ES5_ET3
    Affected: 12.5(1)_ES8_ET1
    Affected: 12.5(1)_ES3_ET3
    Affected: 12.5(1)_ES5_ET2
    Affected: 12.5(1)_ES6_ET1
    Affected: 12.5(1)_ES4_ET2
    Affected: 12.5(1)_ES7_ET1
    Affected: 12.6(1)_ES8_ET2
    Affected: 12.6(1)_ES9
    Affected: 12.6(1)_ES9_ET1
        cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "enterprise_chat_and_email",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES3"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES4"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES6"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES9"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES6"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES5"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES3_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES3"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES11"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES4"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES5"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES2"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES9a"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES10"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES1"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES3"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)"
                  },
                  {
                    "status": "affected",
                    "version": "11.5(1)"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES2"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES7"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES3_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES6_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES1"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES12"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ET3"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES4_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES6_ET3"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES1_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6_ES2_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES5"
                  },
                  {
                    "status": "affected",
                    "version": "12.6_ES2_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES7"
                  },
                  {
                    "status": "affected",
                    "version": "12.6_ES2_ET3"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)_ES7_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES5_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6_ES2_ET4"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES3"
                  },
                  {
                    "status": "affected",
                    "version": "11.6(1)_ES12_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6_ES3_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6_ES3_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES4"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES7"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES4_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES5"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES5_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES5_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES6"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES6_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES8"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES6_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES7"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES8"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES4_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES3_ET3"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES2_ET5"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES1_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES8_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES7_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES6_ET3"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES5_ET3"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES8_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES3_ET3"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES5_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES6_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES4_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)_ES7_ET1"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES8_ET2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES9"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)_ES9_ET1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20484",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T17:20:15.324243Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T17:20:30.979Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET4"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES12_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES3_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES3_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES2_ET5"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES8_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES8_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES9_ET1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources \u0026gt; Services \u0026gt; Unified CCE \u0026gt; EAAS, then click Start."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-06T16:29:20.865Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ece-dos-Oqb9uFEv",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-dos-Oqb9uFEv",
            "defects": [
              "CSCwj26667"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20484",
        "datePublished": "2024-11-06T16:29:20.865Z",
        "dateReserved": "2023-11-08T15:08:07.684Z",
        "dateUpdated": "2024-11-06T17:20:30.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20367 (GCVE-0-2024-20367)

    Vulnerability from cvelistv5 – Published: 2024-04-03 16:22 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 11.6(1)_ES2
    Affected: 11.6(1)_ES3
    Affected: 11.6(1)_ES4
    Affected: 11.6(1)_ES5
    Affected: 11.6(1)_ES6
    Affected: 11.6(1)_ES10
    Affected: 11.6(1)_ES11
    Affected: 11.6(1)_ES7
    Affected: 11.6(1)_ES8
    Affected: 11.6(1)_ES9
    Affected: 11.6(1)_ES9a
    Affected: 11.6(1)_ES12
    Affected: 12.0(1)
    Affected: 12.0(1)_ES1
    Affected: 12.0(1)_ES2
    Affected: 12.0(1)_ES3
    Affected: 12.0(1)_ES4
    Affected: 12.0(1)_ES5
    Affected: 12.0(1)_ES5a
    Affected: 12.0(1)_ES6
    Affected: 12.0(1)_ES6_ET1
    Affected: 12.0(1)_ES6_ET2
    Affected: 12.0(1)_ES6_ET3
    Affected: 12.0(1)_ES7
    Affected: 12.0(1)_ES7_ET1
    Affected: 12.5(1)
    Affected: 12.5(1)_ES1
    Affected: 12.5(1)_ES2
    Affected: 12.5(1)_ES3
    Affected: 12.5(1)_ES3_ET1
    Affected: 12.5(1)_ET1
    Affected: 12.5(1)_ES4
    Affected: 12.5(1)_ES3_ET2
    Affected: 12.5(1)_ES4_ET1
    Affected: 12.5(1)_ES5
    Affected: 12.5(1)_ES5_ET1
    Affected: 12.5(1)_ES6
    Affected: 12.5(1)_ES7
    Affected: 12.5(1)_ES8
    Affected: 12.6(1)
    Affected: 12.6(1)_ET1
    Affected: 12.6(1)_ET2
    Affected: 12.6(1)_ES1
    Affected: 12.6(1)_ET3
    Affected: 12.6(1)_ES1_ET1
    Affected: 12.6(1)_ES2
    Affected: 12.6(1)_ES3
    Affected: 12.6(1)_ES4
    Affected: 12.6(1)_ES4_ET1
    Affected: 12.6(1)_ES5
    Affected: 12.6(1)_ES5_ET1
    Affected: 12.6(1)_ES5_ET2
    Affected: 12.6(1)_ES6
    Affected: 12.6(1)_ES6_ET1
    Affected: 12.6(1)_ES6_ET2
    Affected: 12.6_ES2_ET1
    Affected: 12.6_ES2_ET2
    Affected: 12.6_ES2_ET3
    Affected: 12.6_ES2_ET4
    Affected: 12.6_ES3_ET1
    Affected: 12.6_ES3_ET2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20367",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-03T19:09:37.153152Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:40:29.581Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.019Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ece-xss-CSQxgxfM",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CSQxgxfM"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES9a"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES5a"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES6_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES7_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES3_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES4_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES5_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES1_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES4_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES5_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES6_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET2"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET3"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES2_ET4"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES3_ET1"
                },
                {
                  "status": "affected",
                  "version": "12.6_ES3_ET2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:22:22.902Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ece-xss-CSQxgxfM",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CSQxgxfM"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-xss-CSQxgxfM",
            "defects": [
              "CSCwi28527"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20367",
        "datePublished": "2024-04-03T16:22:22.902Z",
        "dateReserved": "2023-11-08T15:08:07.653Z",
        "dateUpdated": "2024-08-01T21:59:42.019Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-44487 (GCVE-0-2023-44487)

    Vulnerability from cvelistv5 – Published: 2023-10-10 00:00 – Updated: 2026-05-12 10:52
    VLAI CISA KEVIntel
    Summary
    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    URL Tags
    https://github.com/dotnet/core/blob/e4613450ea0da…
    https://blog.cloudflare.com/technical-breakdown-h…
    https://aws.amazon.com/security/security-bulletin…
    https://cloud.google.com/blog/products/identity-s…
    https://www.nginx.com/blog/http-2-rapid-reset-att…
    https://cloud.google.com/blog/products/identity-s…
    https://news.ycombinator.com/item?id=37831062
    https://blog.cloudflare.com/zero-day-rapid-reset-…
    https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
    https://github.com/envoyproxy/envoy/pull/30055
    https://github.com/haproxy/haproxy/issues/2312
    https://github.com/eclipse/jetty.project/issues/10679
    https://forums.swift.org/t/swift-nio-http2-securi…
    https://github.com/nghttp2/nghttp2/pull/1961
    https://github.com/netty/netty/commit/58f75f665aa…
    https://github.com/alibaba/tengine/issues/1872
    https://github.com/apache/tomcat/tree/main/java/o…
    https://news.ycombinator.com/item?id=37830987
    https://news.ycombinator.com/item?id=37830998
    https://github.com/caddyserver/caddy/issues/5877
    https://www.bleepingcomputer.com/news/security/ne…
    https://github.com/bcdannyboy/CVE-2023-44487
    https://github.com/grpc/grpc-go/pull/6703
    https://github.com/icing/mod_h2/blob/0a864782af0a…
    https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
    https://mailman.nginx.org/pipermail/nginx-devel/2…
    https://my.f5.com/manage/s/article/K000137106
    https://msrc.microsoft.com/blog/2023/10/microsoft…
    https://bugzilla.proxmox.com/show_bug.cgi?id=4988
    https://cgit.freebsd.org/ports/commit/?id=c64c329…
    http://www.openwall.com/lists/oss-security/2023/10/10/7 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/10/6 mailing-list
    https://seanmonstar.com/post/730794151136935936/h…
    https://github.com/microsoft/CBL-Mariner/pull/6381
    https://groups.google.com/g/golang-announce/c/iNN…
    https://github.com/facebook/proxygen/pull/466
    https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a…
    https://github.com/micrictor/http2-rst-stream
    https://edg.io/lp/blog/resets-leaks-ddos-and-the-…
    https://openssf.org/blog/2023/10/10/http-2-rapid-…
    https://github.com/h2o/h2o/security/advisories/GH…
    https://github.com/h2o/h2o/pull/3291
    https://github.com/nodejs/node/pull/50121
    https://github.com/dotnet/announcements/issues/277
    https://github.com/golang/go/issues/63417
    https://github.com/advisories/GHSA-vx74-f528-fxqg
    https://github.com/apache/trafficserver/pull/10564
    https://msrc.microsoft.com/update-guide/vulnerabi…
    https://tomcat.apache.org/security-10.html#Fixed_…
    https://lists.apache.org/thread/5py8h42mxfsn8l1wy…
    https://www.openwall.com/lists/oss-security/2023/…
    https://www.haproxy.com/blog/haproxy-is-not-affec…
    https://github.com/opensearch-project/data-preppe…
    https://github.com/kubernetes/kubernetes/pull/121120
    https://github.com/oqtane/oqtane.framework/discus…
    https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
    https://netty.io/news/2023/10/10/4-1-100-Final.html
    https://www.cisa.gov/news-events/alerts/2023/10/1…
    https://www.theregister.com/2023/10/10/http2_rapi…
    https://blog.qualys.com/vulnerabilities-threat-re…
    https://news.ycombinator.com/item?id=37837043
    https://github.com/kazu-yamamoto/http2/issues/93
    https://martinthomson.github.io/h2-stream-limits/…
    https://github.com/kazu-yamamoto/http2/commit/f61…
    https://github.com/apache/httpd/blob/afcdbeebbff4…
    https://www.debian.org/security/2023/dsa-5522 vendor-advisory
    https://www.debian.org/security/2023/dsa-5521 vendor-advisory
    https://access.redhat.com/security/cve/cve-2023-44487
    https://github.com/ninenines/cowboy/issues/1615
    https://github.com/varnishcache/varnish-cache/iss…
    https://github.com/tempesta-tech/tempesta/issues/1986
    https://blog.vespa.ai/cve-2023-44487/
    https://github.com/etcd-io/etcd/issues/16740
    https://www.darkreading.com/cloud/internet-wide-z…
    https://istio.io/latest/news/security/istio-secur…
    https://github.com/junkurihara/rust-rpxy/issues/97
    https://bugzilla.suse.com/show_bug.cgi?id=1216123
    https://bugzilla.redhat.com/show_bug.cgi?id=2242803
    https://ubuntu.com/security/CVE-2023-44487
    https://community.traefik.io/t/is-traefik-vulnera…
    https://github.com/advisories/GHSA-qppj-fm5r-hxr3
    https://github.com/apache/httpd-site/pull/10
    https://github.com/projectcontour/contour/pull/5826
    https://github.com/linkerd/website/pull/1695/comm…
    https://github.com/line/armeria/pull/5232
    https://blog.litespeedtech.com/2023/10/11/rapid-r…
    https://security.paloaltonetworks.com/CVE-2023-44487
    https://github.com/akka/akka-http/issues/4323
    https://github.com/openresty/openresty/issues/930
    https://github.com/apache/apisix/issues/10320
    https://github.com/Azure/AKS/issues/3947
    https://github.com/Kong/kong/discussions/11741
    https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
    https://www.netlify.com/blog/netlify-successfully…
    https://github.com/caddyserver/caddy/releases/tag…
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/13/4 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/13/9 mailing-list
    https://arstechnica.com/security/2023/10/how-ddos…
    https://lists.w3.org/Archives/Public/ietf-http-wg…
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://security.netapp.com/advisory/ntap-2023101…
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/18/4 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/18/8 mailing-list
    http://www.openwall.com/lists/oss-security/2023/10/19/6 mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    http://www.openwall.com/lists/oss-security/2023/10/20/8 mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://www.debian.org/security/2023/dsa-5540 vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://discuss.hashicorp.com/t/hcsec-2023-32-vau…
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://www.debian.org/security/2023/dsa-5549 vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://www.debian.org/security/2023/dsa-5558 vendor-advisory
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    https://security.gentoo.org/glsa/202311-09 vendor-advisory
    https://www.debian.org/security/2023/dsa-5570 vendor-advisory
    https://security.netapp.com/advisory/ntap-2024042…
    https://security.netapp.com/advisory/ntap-2024062…
    https://security.netapp.com/advisory/ntap-2024062…
    https://github.com/grpc/grpc/releases/tag/v1.59.2
    https://sec.cloudapps.cisco.com/security/center/c…
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://www.vicarius.io/vsociety/posts/rapid-rese…
    http://www.openwall.com/lists/oss-security/2025/08/13/6
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    https://cert-portal.siemens.com/productcert/html/…
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "http",
                "vendor": "ietf",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-44487",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-23T20:34:21.334116Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2023-10-10",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:05:35.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2023-10-10T00:00:00.000Z",
                "value": "CVE-2023-44487 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:08:27.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37831062"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/envoyproxy/envoy/pull/30055"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/haproxy/haproxy/issues/2312"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/eclipse/jetty.project/issues/10679"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nghttp2/nghttp2/pull/1961"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/alibaba/tengine/issues/1872"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37830987"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37830998"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/caddyserver/caddy/issues/5877"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/bcdannyboy/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/grpc/grpc-go/pull/6703"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000137106"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/facebook/proxygen/pull/466"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/micrictor/http2-rst-stream"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/h2o/h2o/pull/3291"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nodejs/node/pull/50121"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/dotnet/announcements/issues/277"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/golang/go/issues/63417"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/trafficserver/pull/10564"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kubernetes/kubernetes/pull/121120"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=37837043"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kazu-yamamoto/http2/issues/93"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
              },
              {
                "name": "DSA-5522",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5522"
              },
              {
                "name": "DSA-5521",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5521"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ninenines/cowboy/issues/1615"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.vespa.ai/cve-2023-44487/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/etcd-io/etcd/issues/16740"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ubuntu.com/security/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/httpd-site/pull/10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/projectcontour/contour/pull/5826"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/line/armeria/pull/5232"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/akka/akka-http/issues/4323"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openresty/openresty/issues/930"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/apisix/issues/10320"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Azure/AKS/issues/3947"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Kong/kong/discussions/11741"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
              },
              {
                "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
              },
              {
                "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
              },
              {
                "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
              },
              {
                "name": "FEDORA-2023-ed2642fd58",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
              },
              {
                "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
              },
              {
                "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
              },
              {
                "name": "[oss-security] 20231018 Vulnerability in Jenkins",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
              },
              {
                "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
              },
              {
                "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
              },
              {
                "name": "FEDORA-2023-54fadada12",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
              },
              {
                "name": "FEDORA-2023-5ff7bf1dd8",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
              },
              {
                "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
              },
              {
                "name": "FEDORA-2023-17efd3f2cd",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
              },
              {
                "name": "FEDORA-2023-d5030c983c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
              },
              {
                "name": "FEDORA-2023-0259c3f26f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
              },
              {
                "name": "FEDORA-2023-2a9214af5f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
              },
              {
                "name": "FEDORA-2023-e9c04d81c1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
              },
              {
                "name": "FEDORA-2023-f66fc0f62a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
              },
              {
                "name": "FEDORA-2023-4d2fd884ea",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
              },
              {
                "name": "FEDORA-2023-b2c50535cb",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
              },
              {
                "name": "FEDORA-2023-fe53e13b5b",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
              },
              {
                "name": "FEDORA-2023-4bf641255e",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
              },
              {
                "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
              },
              {
                "name": "DSA-5540",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5540"
              },
              {
                "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
              },
              {
                "name": "FEDORA-2023-1caffb88af",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
              },
              {
                "name": "FEDORA-2023-3f70b8d406",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
              },
              {
                "name": "FEDORA-2023-7b52921cae",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
              },
              {
                "name": "FEDORA-2023-7934802344",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
              },
              {
                "name": "FEDORA-2023-dbe64661af",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
              },
              {
                "name": "FEDORA-2023-822aab0a5a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
              },
              {
                "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
              },
              {
                "name": "DSA-5549",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5549"
              },
              {
                "name": "FEDORA-2023-c0c6a91330",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
              },
              {
                "name": "FEDORA-2023-492b7be466",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
              },
              {
                "name": "DSA-5558",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5558"
              },
              {
                "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
              },
              {
                "name": "GLSA-202311-09",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-09"
              },
              {
                "name": "DSA-5570",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2023/dsa-5570"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
              },
              {
                "url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "defaultStatus": "unknown",
                "product": "RUGGEDCOM APE1808",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SINEC NMS",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "V3.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "defaultStatus": "unknown",
                "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
                "vendor": "Siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "V3.1.5",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T10:52:23.784Z",
              "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
              "shortName": "siemens-SADP"
            },
            "references": [
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-341067.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
              },
              {
                "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
              }
            ],
            "x_adpType": "supplier"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-07T20:05:34.376Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
            },
            {
              "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
            },
            {
              "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
            },
            {
              "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
            },
            {
              "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
            },
            {
              "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37831062"
            },
            {
              "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
            },
            {
              "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
            },
            {
              "url": "https://github.com/envoyproxy/envoy/pull/30055"
            },
            {
              "url": "https://github.com/haproxy/haproxy/issues/2312"
            },
            {
              "url": "https://github.com/eclipse/jetty.project/issues/10679"
            },
            {
              "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
            },
            {
              "url": "https://github.com/nghttp2/nghttp2/pull/1961"
            },
            {
              "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
            },
            {
              "url": "https://github.com/alibaba/tengine/issues/1872"
            },
            {
              "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37830987"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37830998"
            },
            {
              "url": "https://github.com/caddyserver/caddy/issues/5877"
            },
            {
              "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
            },
            {
              "url": "https://github.com/bcdannyboy/CVE-2023-44487"
            },
            {
              "url": "https://github.com/grpc/grpc-go/pull/6703"
            },
            {
              "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
            },
            {
              "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
            },
            {
              "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
            },
            {
              "url": "https://my.f5.com/manage/s/article/K000137106"
            },
            {
              "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
            },
            {
              "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
            },
            {
              "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
            },
            {
              "name": "[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
            },
            {
              "name": "[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
            },
            {
              "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
            },
            {
              "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
            },
            {
              "url": "https://github.com/facebook/proxygen/pull/466"
            },
            {
              "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
            },
            {
              "url": "https://github.com/micrictor/http2-rst-stream"
            },
            {
              "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
            },
            {
              "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
            },
            {
              "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
            },
            {
              "url": "https://github.com/h2o/h2o/pull/3291"
            },
            {
              "url": "https://github.com/nodejs/node/pull/50121"
            },
            {
              "url": "https://github.com/dotnet/announcements/issues/277"
            },
            {
              "url": "https://github.com/golang/go/issues/63417"
            },
            {
              "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
            },
            {
              "url": "https://github.com/apache/trafficserver/pull/10564"
            },
            {
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
            },
            {
              "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
            },
            {
              "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
            },
            {
              "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
            },
            {
              "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
            },
            {
              "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
            },
            {
              "url": "https://github.com/kubernetes/kubernetes/pull/121120"
            },
            {
              "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
            },
            {
              "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
            },
            {
              "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
            },
            {
              "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
            },
            {
              "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
            },
            {
              "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
            },
            {
              "url": "https://news.ycombinator.com/item?id=37837043"
            },
            {
              "url": "https://github.com/kazu-yamamoto/http2/issues/93"
            },
            {
              "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
            },
            {
              "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
            },
            {
              "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
            },
            {
              "name": "DSA-5522",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5522"
            },
            {
              "name": "DSA-5521",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5521"
            },
            {
              "url": "https://access.redhat.com/security/cve/cve-2023-44487"
            },
            {
              "url": "https://github.com/ninenines/cowboy/issues/1615"
            },
            {
              "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
            },
            {
              "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
            },
            {
              "url": "https://blog.vespa.ai/cve-2023-44487/"
            },
            {
              "url": "https://github.com/etcd-io/etcd/issues/16740"
            },
            {
              "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
            },
            {
              "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
            },
            {
              "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
            },
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
            },
            {
              "url": "https://ubuntu.com/security/CVE-2023-44487"
            },
            {
              "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
            },
            {
              "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
            },
            {
              "url": "https://github.com/apache/httpd-site/pull/10"
            },
            {
              "url": "https://github.com/projectcontour/contour/pull/5826"
            },
            {
              "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
            },
            {
              "url": "https://github.com/line/armeria/pull/5232"
            },
            {
              "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
            },
            {
              "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
            },
            {
              "url": "https://github.com/akka/akka-http/issues/4323"
            },
            {
              "url": "https://github.com/openresty/openresty/issues/930"
            },
            {
              "url": "https://github.com/apache/apisix/issues/10320"
            },
            {
              "url": "https://github.com/Azure/AKS/issues/3947"
            },
            {
              "url": "https://github.com/Kong/kong/discussions/11741"
            },
            {
              "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
            },
            {
              "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
            },
            {
              "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
            },
            {
              "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
            },
            {
              "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
            },
            {
              "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
            },
            {
              "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
            },
            {
              "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
            },
            {
              "name": "FEDORA-2023-ed2642fd58",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
            },
            {
              "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
            },
            {
              "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
            },
            {
              "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
            },
            {
              "name": "[oss-security] 20231018 Vulnerability in Jenkins",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
            },
            {
              "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
            },
            {
              "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
            },
            {
              "name": "FEDORA-2023-54fadada12",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
            },
            {
              "name": "FEDORA-2023-5ff7bf1dd8",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
            },
            {
              "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
            },
            {
              "name": "FEDORA-2023-17efd3f2cd",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
            },
            {
              "name": "FEDORA-2023-d5030c983c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
            },
            {
              "name": "FEDORA-2023-0259c3f26f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
            },
            {
              "name": "FEDORA-2023-2a9214af5f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
            },
            {
              "name": "FEDORA-2023-e9c04d81c1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
            },
            {
              "name": "FEDORA-2023-f66fc0f62a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
            },
            {
              "name": "FEDORA-2023-4d2fd884ea",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
            },
            {
              "name": "FEDORA-2023-b2c50535cb",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
            },
            {
              "name": "FEDORA-2023-fe53e13b5b",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
            },
            {
              "name": "FEDORA-2023-4bf641255e",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
            },
            {
              "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
            },
            {
              "name": "DSA-5540",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5540"
            },
            {
              "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
            },
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
            },
            {
              "name": "FEDORA-2023-1caffb88af",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
            },
            {
              "name": "FEDORA-2023-3f70b8d406",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
            },
            {
              "name": "FEDORA-2023-7b52921cae",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
            },
            {
              "name": "FEDORA-2023-7934802344",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
            },
            {
              "name": "FEDORA-2023-dbe64661af",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
            },
            {
              "name": "FEDORA-2023-822aab0a5a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
            },
            {
              "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
            },
            {
              "name": "DSA-5549",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5549"
            },
            {
              "name": "FEDORA-2023-c0c6a91330",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
            },
            {
              "name": "FEDORA-2023-492b7be466",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
            },
            {
              "name": "DSA-5558",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5558"
            },
            {
              "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
            },
            {
              "name": "GLSA-202311-09",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202311-09"
            },
            {
              "name": "DSA-5570",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2023/dsa-5570"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
            },
            {
              "url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
            },
            {
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-44487",
        "datePublished": "2023-10-10T00:00:00.000Z",
        "dateReserved": "2023-09-29T00:00:00.000Z",
        "dateUpdated": "2026-05-12T10:52:23.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-20802 (GCVE-0-2022-20802)

    Vulnerability from cvelistv5 – Published: 2022-05-27 14:06 – Updated: 2024-11-06 16:13
    VLAI
    Title
    Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2022-05-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.859Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220518 Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-strd-xss-BqFXO9D2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20802",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:58:10.731668Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:13:05.071Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-05-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-27T14:06:33.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220518 Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-strd-xss-BqFXO9D2"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ece-strd-xss-BqFXO9D2",
            "defect": [
              [
                "CSCwa92119"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-05-18T23:00:00",
              "ID": "CVE-2022-20802",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Enterprise Chat and Email",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "5.4",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220518 Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-strd-xss-BqFXO9D2"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ece-strd-xss-BqFXO9D2",
              "defect": [
                [
                  "CSCwa92119"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20802",
        "datePublished": "2022-05-27T14:06:34.048Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:13:05.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44228 (GCVE-0-2021-44228)

    Vulnerability from cvelistv5 – Published: 2021-12-10 00:00 – Updated: 2025-10-21 23:25
    Title
    Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
    Summary
    Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-20 - Improper Input Validation
    Assigner
    References
    URL Tags
    https://logging.apache.org/log4j/2.x/security.html
    http://www.openwall.com/lists/oss-security/2021/12/10/1 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/10/2 mailing-list
    https://tools.cisco.com/security/center/content/C… vendor-advisory
    http://www.openwall.com/lists/oss-security/2021/12/10/3 mailing-list
    https://security.netapp.com/advisory/ntap-2021121…
    http://packetstormsecurity.com/files/165225/Apach…
    https://psirt.global.sonicwall.com/vuln-detail/SN…
    https://www.oracle.com/security-alerts/alert-cve-…
    https://www.debian.org/security/2021/dsa-5020 vendor-advisory
    https://lists.debian.org/debian-lts-announce/2021… mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://msrc-blog.microsoft.com/2021/12/11/micros… vendor-advisory
    http://www.openwall.com/lists/oss-security/2021/12/13/2 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/13/1 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/14/4 mailing-list
    https://www.kb.cert.org/vuls/id/930724 third-party-advisory
    https://twitter.com/kurtseifried/status/146934553…
    https://cert-portal.siemens.com/productcert/pdf/s…
    http://packetstormsecurity.com/files/165260/VMwar…
    http://packetstormsecurity.com/files/165270/Apach…
    http://packetstormsecurity.com/files/165261/Apach…
    https://www.intel.com/content/www/us/en/security-…
    http://www.openwall.com/lists/oss-security/2021/12/15/3 mailing-list
    http://packetstormsecurity.com/files/165282/Log4j…
    http://packetstormsecurity.com/files/165281/Log4j…
    http://packetstormsecurity.com/files/165307/Log4j…
    http://packetstormsecurity.com/files/165311/log4j…
    http://packetstormsecurity.com/files/165306/L4sh-…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    http://packetstormsecurity.com/files/165371/VMwar…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://www.oracle.com/security-alerts/cpujan2022.html
    http://packetstormsecurity.com/files/165532/Log4S…
    https://github.com/cisagov/log4j-affected-db/blob…
    http://packetstormsecurity.com/files/165642/VMwar…
    http://packetstormsecurity.com/files/165673/UniFi…
    http://seclists.org/fulldisclosure/2022/Mar/23 mailing-list
    https://www.bentley.com/en/common-vulnerability-e…
    https://github.com/cisagov/log4j-affected-db
    https://support.apple.com/kb/HT213189
    https://www.oracle.com/security-alerts/cpuapr2022.html
    https://github.com/nu11secur1ty/CVE-mitre/tree/ma…
    https://www.nu11secur1ty.com/2021/12/cve-2021-442…
    http://seclists.org/fulldisclosure/2022/Jul/11 mailing-list
    http://packetstormsecurity.com/files/167794/Open-…
    http://packetstormsecurity.com/files/167917/Mobil…
    http://seclists.org/fulldisclosure/2022/Dec/2 mailing-list
    http://packetstormsecurity.com/files/171626/AD-Ma…
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Log4j2 Affected: 2.0-beta9 , < log4j-core* (custom)
    Create a notification for this product.
    Credits
    This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:17:24.696Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://logging.apache.org/log4j/2.x/security.html"
              },
              {
                "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
              },
              {
                "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
              },
              {
                "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
              },
              {
                "name": "DSA-5020",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-5020"
              },
              {
                "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
              },
              {
                "name": "FEDORA-2021-f0f501d01f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
              },
              {
                "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
              },
              {
                "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
              },
              {
                "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
              },
              {
                "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
              },
              {
                "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "VU#930724",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/930724"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
              },
              {
                "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
              },
              {
                "name": "FEDORA-2021-66d6c484f3",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
              },
              {
                "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/cisagov/log4j-affected-db"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT213189"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
              },
              {
                "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
              },
              {
                "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 10,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-44228",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T14:25:34.416117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-12-10",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:23.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-12-10T00:00:00.000Z",
                "value": "CVE-2021-44228 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Log4j2",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.3.1",
                      "status": "unaffected"
                    },
                    {
                      "at": "2.4",
                      "status": "affected"
                    },
                    {
                      "at": "2.12.2",
                      "status": "unaffected"
                    },
                    {
                      "at": "2.13.0",
                      "status": "affected"
                    },
                    {
                      "at": "2.15.0",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "log4j-core*",
                  "status": "affected",
                  "version": "2.0-beta9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "other": "critical"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-03T00:00:00.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "url": "https://logging.apache.org/log4j/2.x/security.html"
            },
            {
              "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
            },
            {
              "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
            },
            {
              "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
            },
            {
              "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
            },
            {
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
            },
            {
              "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
            },
            {
              "name": "DSA-5020",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-5020"
            },
            {
              "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
            },
            {
              "name": "FEDORA-2021-f0f501d01f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
            },
            {
              "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
            },
            {
              "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
            },
            {
              "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
            },
            {
              "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
            },
            {
              "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "VU#930724",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.kb.cert.org/vuls/id/930724"
            },
            {
              "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
            },
            {
              "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
            },
            {
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
            },
            {
              "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
            },
            {
              "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
            },
            {
              "name": "FEDORA-2021-66d6c484f3",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
            },
            {
              "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
            },
            {
              "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
            },
            {
              "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
            },
            {
              "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
            },
            {
              "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
            },
            {
              "url": "https://github.com/cisagov/log4j-affected-db"
            },
            {
              "url": "https://support.apple.com/kb/HT213189"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
            },
            {
              "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
            },
            {
              "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
            },
            {
              "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
            },
            {
              "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
            },
            {
              "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2021-44228",
        "datePublished": "2021-12-10T00:00:00.000Z",
        "dateReserved": "2021-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:23.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1877 (GCVE-0-2019-1877)

    Vulnerability from cvelistv5 – Published: 2019-11-05 19:25 – Updated: 2024-11-21 19:05
    VLAI
    Title
    Cisco Enterprise Chat and Email Attachment Download Vulnerability
    Summary
    A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to download files that other users attach through the chat feature. This vulnerability affects versions prior to 12.0(1)ES1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: unspecified , < 12.0(1)ES1 (custom)
    Create a notification for this product.
    Date Public
    2019-06-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:28:42.955Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190619 Cisco Enterprise Chat and Email Attachment Download Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-ecea-dwnload"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1877",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T18:55:51.330414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T19:05:56.918Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "12.0(1)ES1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-06-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to download files that other users attach through the chat feature. This vulnerability affects versions prior to 12.0(1)ES1."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-05T19:25:36.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20190619 Cisco Enterprise Chat and Email Attachment Download Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-ecea-dwnload"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20190619-ecea-dwnload",
            "defect": [
              [
                "CSCvo99235"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Attachment Download Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-06-19T16:00:00-0700",
              "ID": "CVE-2019-1877",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Enterprise Chat and Email Attachment Download Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Enterprise Chat and Email",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "12.0(1)ES1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to download files that other users attach through the chat feature. This vulnerability affects versions prior to 12.0(1)ES1."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190619 Cisco Enterprise Chat and Email Attachment Download Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-ecea-dwnload"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20190619-ecea-dwnload",
              "defect": [
                [
                  "CSCvo99235"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-1877",
        "datePublished": "2019-11-05T19:25:36.092Z",
        "dateReserved": "2018-12-06T00:00:00.000Z",
        "dateUpdated": "2024-11-21T19:05:56.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1870 (GCVE-0-2019-1870)

    Vulnerability from cvelistv5 – Published: 2019-06-05 16:30 – Updated: 2024-11-21 19:22
    VLAI
    Title
    Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface or allow the attacker to access sensitive browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/108645 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Cisco Cisco Enterprise Chat and Email Affected: unspecified , < 11.6(1) (custom)
    Create a notification for this product.
    Date Public
    2019-06-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:28:42.879Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190605 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ece-xss"
              },
              {
                "name": "108645",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108645"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1870",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T18:58:13.778975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T19:22:37.120Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "11.6(1)",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-06-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface or allow the attacker to access sensitive browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-06T14:06:04.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20190605 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ece-xss"
            },
            {
              "name": "108645",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108645"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20190605-ece-xss",
            "defect": [
              [
                "CSCvo85826"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-06-05T16:00:00-0700",
              "ID": "CVE-2019-1870",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Enterprise Chat and Email",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "11.6(1)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface or allow the attacker to access sensitive browser-based information."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190605 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ece-xss"
                },
                {
                  "name": "108645",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108645"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20190605-ece-xss",
              "defect": [
                [
                  "CSCvo85826"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-1870",
        "datePublished": "2019-06-05T16:30:38.980Z",
        "dateReserved": "2018-12-06T00:00:00.000Z",
        "dateUpdated": "2024-11-21T19:22:37.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1702 (GCVE-0-2019-1702)

    Vulnerability from cvelistv5 – Published: 2019-03-11 22:00 – Updated: 2024-11-21 19:42
    VLAI
    Title
    Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit these vulnerabilities either by injecting malicious code in a chat window or by sending a crafted link to a user of the interface. In both cases, the attacker must persuade the user to click the crafted link or open the chat window that contains the attacker's code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 11.6(1) is affected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/107314 vdb-entryx_refsource_BID
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2019-03-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:28:41.984Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "107314",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107314"
              },
              {
                "name": "20190306 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-chatmail-xss"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1702",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T18:59:58.305225Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T19:42:32.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Enterprise Chat and Email",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)"
                }
              ]
            }
          ],
          "datePublic": "2019-03-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit these vulnerabilities either by injecting malicious code in a chat window or by sending a crafted link to a user of the interface. In both cases, the attacker must persuade the user to click the crafted link or open the chat window that contains the attacker\u0027s code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 11.6(1) is affected."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-12T09:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "107314",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107314"
            },
            {
              "name": "20190306 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-chatmail-xss"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20190306-chatmail-xss",
            "defect": [
              [
                "CSCvn77926",
                "CSCvn77927"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-03-06T16:00:00-0800",
              "ID": "CVE-2019-1702",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Enterprise Chat and Email",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.6(1)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit these vulnerabilities either by injecting malicious code in a chat window or by sending a crafted link to a user of the interface. In both cases, the attacker must persuade the user to click the crafted link or open the chat window that contains the attacker\u0027s code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 11.6(1) is affected."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "107314",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107314"
                },
                {
                  "name": "20190306 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-chatmail-xss"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20190306-chatmail-xss",
              "defect": [
                [
                  "CSCvn77926",
                  "CSCvn77927"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-1702",
        "datePublished": "2019-03-11T22:00:00.000Z",
        "dateReserved": "2018-12-06T00:00:00.000Z",
        "dateUpdated": "2024-11-21T19:42:32.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }