All the vulnerabilites related to cisco - unified_meetingplace_web_conferencing
cve-2013-3438
Vulnerability from cvelistv5
Published
2013-07-24 01:00
Modified
2024-08-06 16:07
Severity ?
Summary
The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385.
References
http://osvdb.org/95583vdb-entry, x_refsource_OSVDB
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3438vendor-advisory, x_refsource_CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=30186x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.921Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95583",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/95583"
          },
          {
            "name": "20130723 Cisco Unified MeetingPlace Web Conferencing Authorization By-pass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3438"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30186"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-22T14:57:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "95583",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/95583"
        },
        {
          "name": "20130723 Cisco Unified MeetingPlace Web Conferencing Authorization By-pass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3438"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30186"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3438",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95583",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/95583"
            },
            {
              "name": "20130723 Cisco Unified MeetingPlace Web Conferencing Authorization By-pass Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3438"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30186",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30186"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3438",
    "datePublished": "2013-07-24T01:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.921Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5494
Vulnerability from cvelistv5
Published
2013-09-16 01:00
Modified
2024-08-06 17:15
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209 and CSCui44674.
References
http://www.securitytracker.com/id/1029037vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5494vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.926Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1029037",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029037"
          },
          {
            "name": "20130913 Cisco Unified MeetingPlace Solution Cross-Site Request Forgery Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5494"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209 and CSCui44674."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-11T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1029037",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029037"
        },
        {
          "name": "20130913 Cisco Unified MeetingPlace Solution Cross-Site Request Forgery Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5494"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5494",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209 and CSCui44674."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1029037",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029037"
            },
            {
              "name": "20130913 Cisco Unified MeetingPlace Solution Cross-Site Request Forgery Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5494"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5494",
    "datePublished": "2013-09-16T01:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.926Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-4262
Vulnerability from cvelistv5
Published
2015-07-24 14:00
Modified
2024-08-06 06:11
Severity ?
Summary
The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mpvendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1033024vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:11:12.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150722 Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mp"
          },
          {
            "name": "1033024",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-20T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20150722 Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mp"
        },
        {
          "name": "1033024",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033024"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4262",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150722 Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mp"
            },
            {
              "name": "1033024",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033024"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-4262",
    "datePublished": "2015-07-24T14:00:00",
    "dateReserved": "2015-06-04T00:00:00",
    "dateUpdated": "2024-08-06T06:11:12.592Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0614
Vulnerability from cvelistv5
Published
2009-02-26 16:00
Modified
2024-08-07 04:40
Severity ?
Summary
Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL.
References
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtmlvendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/33901vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/48888vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:05.049Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20090225 Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml"
          },
          {
            "name": "33901",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33901"
          },
          {
            "name": "cisco-meetingplace-unauth-access(48888)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48888"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-02-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20090225 Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml"
        },
        {
          "name": "33901",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33901"
        },
        {
          "name": "cisco-meetingplace-unauth-access(48888)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48888"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2009-0614",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20090225 Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml"
            },
            {
              "name": "33901",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33901"
            },
            {
              "name": "cisco-meetingplace-unauth-access(48888)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48888"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2009-0614",
    "datePublished": "2009-02-26T16:00:00",
    "dateReserved": "2009-02-18T00:00:00",
    "dateUpdated": "2024-08-07T04:40:05.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3419
Vulnerability from cvelistv5
Published
2013-07-11 22:00
Modified
2024-09-17 02:32
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3419vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.944Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130711 Cisco Unified MeetingPlace Web Conferencing XSS Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3419"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-07-11T22:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130711 Cisco Unified MeetingPlace Web Conferencing XSS Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3419"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3419",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130711 Cisco Unified MeetingPlace Web Conferencing XSS Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3419"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3419",
    "datePublished": "2013-07-11T22:00:00Z",
    "dateReserved": "2013-05-06T00:00:00Z",
    "dateUpdated": "2024-09-17T02:32:44.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2009-02-26 16:17
Modified
2024-11-21 01:00
Severity ?
Summary
Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL.
References
ykramarz@cisco.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtmlVendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/33901Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/48888VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/33901Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/48888VDB Entry
Impacted products
Vendor Product Version
cisco unified_meetingplace_web_conferencing *
cisco unified_meetingplace_web_conferencing *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F3658DA-A276-44AD-A3CB-E1CB86ED7F88",
              "versionEndExcluding": "6.0\\(517.0\\)",
              "versionStartIncluding": "6.0\\(171\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81EA2062-D903-4A88-B8D3-899221F69924",
              "versionEndExcluding": "7.0\\(2\\)",
              "versionStartIncluding": "7.0\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en Cisco Unified MeetingPlace Web Conferencing Web 6.0 antes de 6.0(517.0) (alias 6.0 MR4) y 7.0 antes de 7.0 (2) (alias 7.0 MR1) permite a atacantes remotos eludir la autenticaci\u00f3n y obtener acceso administrativo a trav\u00e9s de una URL modificada."
    }
  ],
  "id": "CVE-2009-0614",
  "lastModified": "2024-11-21T01:00:31.313",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 8.5,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-02-26T16:17:20.017",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/33901"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48888"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/33901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48888"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-07-11 22:55
Modified
2024-11-21 01:53
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3419Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3419Vendor Advisory
Impacted products
Vendor Product Version
cisco unified_meetingplace_web_conferencing -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3571BAEC-DBC9-464E-B6D8-450DDA17DEEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en Cisco Unified MeetingPlace Web Conferencing que permite a atacantes remotos inyectar secuencias de comandos Web o HTML a trav\u00e9s de par\u00e1metro sin especificar, tambi\u00e9n conocido como Bug ID CSCuh74981."
    }
  ],
  "id": "CVE-2013-3419",
  "lastModified": "2024-11-21T01:53:36.000",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-07-11T22:55:00.967",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3419"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-07-24 12:01
Modified
2024-11-21 01:53
Severity ?
Summary
The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385.
References
ykramarz@cisco.comhttp://osvdb.org/95583
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3438Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=30186Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/95583
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3438Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=30186Vendor Advisory
Impacted products
Vendor Product Version
cisco unified_meetingplace_web_conferencing -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3571BAEC-DBC9-464E-B6D8-450DDA17DEEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385."
    },
    {
      "lang": "es",
      "value": "El famework web en el servidor en Cisco Unified MeetingPlace Web Conferencing, permite a atacantes remotos evitar las restricciones de acceso establecidas y leer p\u00e1ginas web no especificadas a trav\u00e9s de par\u00e1metros manipulados. Aka Bug ID CSCuh86385."
    }
  ],
  "id": "CVE-2013-3438",
  "lastModified": "2024-11-21T01:53:38.087",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-24T12:01:57.703",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://osvdb.org/95583"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3438"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/95583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30186"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-09-16 13:02
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209 and CSCui44674.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5494Vendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1029037
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5494Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029037
Impacted products
Vendor Product Version
cisco unified_meetingplace *
cisco unified_meetingplace_web_conferencing -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "713CDBB9-F841-455A-B173-7B239DF087D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3571BAEC-DBC9-464E-B6D8-450DDA17DEEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCui45209 and CSCui44674."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en el framework web en Cisco Unified MeetingPlace Solution, tal como se usa en Unified MeetingPlace Web Conferencing y Unified MeetingPlace, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios, tambi\u00e9n conocido como Bug IDs CSCui45209 y CSCui44674."
    }
  ],
  "id": "CVE-2013-5494",
  "lastModified": "2024-11-21T01:57:34.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-09-16T13:02:35.737",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5494"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1029037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029037"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-07-24 14:59
Modified
2024-11-21 02:30
Severity ?
Summary
The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mpVendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1033024
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1033024
Impacted products
Vendor Product Version
cisco unified_meetingplace_web_conferencing 6.0.417.0
cisco unified_meetingplace_web_conferencing 6.0_base
cisco unified_meetingplace_web_conferencing 7.0\(1\)
cisco unified_meetingplace_web_conferencing 7.0\(2\)
cisco unified_meetingplace_web_conferencing 7.0\(2\)_sr1
cisco unified_meetingplace_web_conferencing 7.0\(3\)
cisco unified_meetingplace_web_conferencing 7.1\(1\)
cisco unified_meetingplace_web_conferencing 7.1\(2\)
cisco unified_meetingplace_web_conferencing 8.0\(1\)
cisco unified_meetingplace_web_conferencing 8.0\(1\)_sr1
cisco unified_meetingplace_web_conferencing 8.0\(2\)
cisco unified_meetingplace_web_conferencing 8.5\(1\)
cisco unified_meetingplace_web_conferencing 8.5\(2\)
cisco unified_meetingplace_web_conferencing 8.5\(2\)_sr1
cisco unified_meetingplace_web_conferencing 8.5\(2\)_sr2
cisco unified_meetingplace_web_conferencing 8.5\(3\)
cisco unified_meetingplace_web_conferencing 8.5\(4\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:6.0.417.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3D3E512-2A9F-43E0-A363-A9B7D81C2922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:6.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "54B1E218-B378-4119-A439-23E74EA008C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2BAD75EE-2B65-4E15-BCCD-02710E8FAECB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "13A4496E-D15C-4506-8551-A29C49533573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.0\\(2\\)_sr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33682A2F-B5C4-4AEF-915E-DCDAE8A09891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D15FA7-CFDB-4DAD-854A-DF84B02ADEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "449923E2-5772-400B-A353-0634774946AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:7.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "413A2232-EF73-4A00-96DF-F1BE3A12A532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "69F97EA5-2520-4CD7-A4E8-BCBA3725A6F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.0\\(1\\)_sr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7A3E983-29CD-4A3C-B0AF-DE9C904A83EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E32E4F4B-F093-47BE-B57B-0BD373E82BE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2593F2B4-9583-4B58-8DE0-95C51DB21751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B2DB0F2C-AE4A-44E2-BCD1-6A6E642A3C4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\\(2\\)_sr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19D5C268-DC1A-47A5-89C1-E55AD534158E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\\(2\\)_sr2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F823F50-D4E5-41D5-84A9-3ECB76028293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9819C361-160B-46EE-818F-E25FF7DDA0F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:8.5\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "525417A0-E568-43AB-8BE4-6C1F93F6D935",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en la funcionalidad password-change en Cisco Unified MeetingPlace Web Conferencing en versiones anteriores a la 8.5(5) MR3 y 8.6 anteriores a la 8.6(2), no comprueba el ID de sesi\u00f3n o exige el ingreso de la contrase\u00f1a actual, lo cual permite a atacantes remotos reiniciar arbitrariamente las contrase\u00f1as a trav\u00e9s de una petici\u00f3n HTTP manipulada, tambi\u00e9n conocido como Bug ID CSCuu51839."
    }
  ],
  "id": "CVE-2015-4262",
  "lastModified": "2024-11-21T02:30:43.680",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-07-24T14:59:02.227",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mp"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1033024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033024"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}