CVE-2022-20680

Name of the Vulnerable Software and Affected Versions Cisco Prime Service Catalog (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to access sensitive information on an affected device. This issue is due to improper enforcement of Administrator privilege levels for low-value sensitive data. An attacker with read-only Administrator access could exploit this by sending a malicious HTTP request to the page containing sensitive data, potentially collecting information about system users and orders.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.