Information disclosure in Enterprise Chat and Email - CVE-2022-20633
Published: January 25, 2022
Vulnerability identifier: #VU59972
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-20633
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Enterprise Chat and Email
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the application returns different responses to authentication attempts. By observing these differences, a remote attacker can confirm which user accounts exist.
Remediation
Install updates from the vendor's website.