First published: Thu Sep 08 2022(Updated: )
A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character rendering. An attacker could exploit this vulnerability by sending messages within the application interface. A successful exploit could allow the attacker to modify the display of links or other content within the interface, potentially allowing the attacker to conduct phishing or spoofing attacks.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Teams | <42.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-20863 is a vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, that allows an unauthenticated, remote attacker to manipulate links or other content within the messaging interface.
CVE-2022-20863 could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface of Cisco Webex App, formerly Webex Teams.
The severity of CVE-2022-20863 is medium with a CVSSv3 score of 5.3.
An attacker can exploit CVE-2022-20863 by manipulating links or other content within the messaging interface of Cisco Webex App, formerly Webex Teams.
To fix CVE-2022-20863, it is recommended to update to the latest version of Cisco Webex App, formerly Webex Teams.