PT-2022-5100 · Cisco · Cisco Jabber
Ivan Fratric · Published 2022-10-05 · Updated 2024-01-25 · CVE-2022-20917
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Jabber (affected versions not specified)
Description
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature could allow an authenticated, remote attacker to manipulate the content of XMPP messages. The cause is improper handling of nested XMPP messages within requests sent to the Cisco Jabber client software. An attacker could exploit this by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client, potentially causing the Jabber client application to perform unsafe actions. The vulnerability may also allow an attacker to use specially crafted XMPP messages to send a hidden HTTP request, as in an "HTTP Request Smuggling" attack.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Exposure of Resource to Wrong Sphere
Related Identifiers
Affected Products
Cisco Jabber