Cherwell Cherwell Service Management — known CVE vulnerabilities
Every CVE whose affected-product data names Cherwell Cherwell Service Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-26155 — CVSS 6.1 (medium): An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse…
CVE-2022-26156 — CVSS 6.1 (medium): An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the…
CVE-2022-26158 — CVSS 6.1 (medium): An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains…
CVE-2022-26157 — CVSS 5.3 (medium): An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected…