Cisco Security Advisory - Cisco Enterprise Chat and Email Vulnerabilities

Netwörkheäd · March 23, 2022, 06:02:26 AM

Cisco Enterprise Chat and Email Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks, enumerate existing user accounts, and redirect a user to an undesired webpage.
For more information about these vulnerabilities, see the <a href="#details">Details</a> section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR</a>

Security Impact Rating: Medium

CVE: CVE-2022-20631,CVE-2022-20632,CVE-2022-20633,CVE-2022-20634
Source: Cisco Enterprise Chat and Email Vulnerabilities

Cisco Security Advisory - Cisco Enterprise Chat and Email Vulnerabilities

Netwörkheäd