cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-20652,https://securityvulnerability.io/vulnerability/CVE-2022-20652,Cisco Tetration Vulnerability Allowing Arbitrary Command Execution,"A security flaw in the web-based management interface and API subsystem of Cisco Tetration enables an authenticated, remote attacker to inject arbitrary commands that execute with root-level privileges on the underlying operating system. Due to insufficient input validation, an attacker can craft a malicious HTTP message targeting the vulnerable system. Successful exploitation of this issue requires valid administrator-level credentials, which allows the attacker to gain control over critical system functions. Cisco has acknowledged the issue and released software updates to remediate the vulnerability, while no effective workarounds are available.",Cisco,Cisco Secure Workload,6.5,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-15T15:58:58.429Z,0
CVE-2023-20136,https://securityvulnerability.io/vulnerability/CVE-2023-20136,Access Control Vulnerability in Cisco Secure Workload,"A flaw in the OpenAPI of Cisco Secure Workload permits an authenticated, remote attacker with read-only privileges to perform actions meant for Administrator users. This vulnerability arises from inadequate role-based access control for specific OpenAPI functions. An attacker can exploit this by sending a specially crafted function call with valid credentials, thereby enabling unauthorized operations such as the creation and deletion of user labels, which should be strictly controlled.",Cisco,Cisco Secure Workload,6.5,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0
CVE-2021-34789,https://securityvulnerability.io/vulnerability/CVE-2021-34789,Cisco Tetration Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Tetration could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials.",Cisco,Cisco Secure Workload,4.8,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-04T02:15:24.000Z,,false,false,,2021-10-21T03:15:00.000Z,0