{"api_version":"1","generated_at":"2026-04-27T02:57:48+00:00","cve":"CVE-2022-20763","urls":{"html":"https://cve.report/CVE-2022-20763","api":"https://cve.report/api/cve/CVE-2022-20763.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-20763","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-20763"},"summary":{"title":"CVE-2022-20763","description":"A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by sending malicious login requests to the Cisco Webex Meetings service. A successful exploit could allow the attacker to inject arbitrary Java code and take arbitrary actions within the Cisco Webex Meetings application.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2022-04-06 19:15:00","updated_at":"2023-11-07 03:42:00"},"problem_types":["CWE-502"],"metrics":[],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-java-MVX6crH9","name":"20220406 Cisco Webex Meetings Java Deserialization Vulnerability","refsource":"CISCO","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-20763","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-20763","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"20763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"webex_meetings_online","cpe6":"wbs42.2.1-1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","DATE_PUBLIC":"2022-04-06T23:00:00","ID":"CVE-2022-20763","STATE":"PUBLIC","TITLE":"Cisco Webex Meetings Java Deserialization Vulnerability"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Cisco Webex Meetings ","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"Cisco"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by sending malicious login requests to the Cisco Webex Meetings service. A successful exploit could allow the attacker to inject arbitrary Java code and take arbitrary actions within the Cisco Webex Meetings application."}]},"exploit":[{"lang":"eng","value":"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}],"impact":{"cvss":{"baseScore":"5.4","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N ","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-502"}]}]},"references":{"reference_data":[{"name":"20220406 Cisco Webex Meetings Java Deserialization Vulnerability","refsource":"CISCO","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-java-MVX6crH9"}]},"source":{"advisory":"cisco-sa-webex-java-MVX6crH9","defect":[["CSCwa60510"]],"discovery":"INTERNAL"}},"nvd":{"publishedDate":"2022-04-06 19:15:00","lastModifiedDate":"2023-11-07 03:42:00","problem_types":["CWE-502"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:webex_meetings_online:wbs42.2.1-1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"20763","Ordinal":"220068","Title":"CVE-2022-20763","CVE":"CVE-2022-20763","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"20763","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}