How severe is CVE-2022-20744?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2022-20744?

This is classified as CWE-807, which is a common weakness in software security.

CVE-2022-20744 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attacker to view data beyond the scope of their authorization.

Related Vulnerabilities

CVE-2017-0887

MEDIUM

CVSS:4.3(Medium)

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary ...

CWE-8072017

CVE-2024-45654

MEDIUM

CVSS:4.3(Medium)

IBM Security ReaQta 3.12 could allow an authenticated user to perform unauthorized actions due to reliance on untrusted inputs.

CWE-8072024

CVE-2020-5252

MEDIUM

CVSS:4.1(Medium)

The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routi...

CWE-8072020

CVE-2024-21510

MEDIUM

CVSS:5.4(Medium)

Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect ...

CWE-8072024

CVE-2022-24400

MEDIUM

CVSS:5.9(Medium)

A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.

CWE-8072022

CVE-2021-29479

MEDIUM

CVSS:6.1(Medium)

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a user supplied `X-Forwarded-Host` header can be used to perform cache poisoning of a cache fronting a Ratpack server if...

CWE-8072021