CVE-2023-20172

MEDIUM Year: 2023
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-602
View all →

Vulnerability Description

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Related Vulnerabilities

CVE-2023-39218

MEDIUM
CVSS:4.9(Medium)

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.

CWE-6022023

CVE-2024-20476

MEDIUM
CVSS:4.9(Medium)

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vul...

CWE-6022024

CVE-2024-43188

MEDIUM
CVSS:4.9(Medium)

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation.

CWE-6022024

CVE-2024-32512

MEDIUM
CVSS:5.3(Medium)

Client-Side Enforcement of Server-Side Security vulnerability in weForms allows Removing Important Client Functionality.This issue affects weForms: from n/a through 1.6.20.

CWE-6022024

CVE-2024-32521

MEDIUM
CVSS:5.3(Medium)

Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam allows Removing Important Client Functionality.This issue affects Zero Spam: from n/a through 5.5.6.

CWE-6022024

CVE-2024-32685

MEDIUM
CVSS:5.3(Medium)

Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.This issue affects Wp Ultimate Review: from n/a through 2.2.5.

CWE-6022024