Search criteria
48 vulnerabilities found for webex_training_center by cisco
FKIE_CVE-2019-15987
Vulnerability from fkie_nvd - Published: 2019-11-26 04:15 - Updated: 2024-11-21 04:29
Severity ?
Summary
A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_meetings_online | 11.0.0 | |
| cisco | webex_meetings_server | 4.0 | |
| cisco | webex_event_center | - | |
| cisco | webex_meeting_center | - | |
| cisco | webex_support_center | - | |
| cisco | webex_training_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_online:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9BE8A0-474F-485C-9DE6-692FF2118477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F12AF70E-2201-4F5D-A929-A1A057B74252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_event_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83E6A0CF-0BB4-447B-B061-E4DADDD88209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_support_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C4D6417-ECE6-449A-B9E5-B9AE789CE91D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D11FA31-28A2-47C6-9030-97A250951899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz web de Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center y Cisco Webex Training Center, podr\u00eda permitir a un atacante remoto no autenticado adivinar los nombres de usuario de las cuentas. La vulnerabilidad es debido a la falta de protecci\u00f3n CAPTCHA en determinadas URL. Un atacante podr\u00eda explotar esta vulnerabilidad al enviar una petici\u00f3n dise\u00f1ada a la interfaz web. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitirle al atacante saber si un nombre de usuario determinado es v\u00e1lido y conseguir el nombre real del usuario."
}
],
"id": "CVE-2019-15987",
"lastModified": "2024-11-21T04:29:52.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T04:15:11.903",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-6753
Vulnerability from fkie_nvd - Published: 2017-07-25 19:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_event_center:t30_base:*:*:*:*:*:*:*",
"matchCriteriaId": "9B23ACCD-6784-4043-9AD1-AD1D9149D510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_event_center:t31_base:*:*:*:*:*:*:*",
"matchCriteriaId": "FB7E784F-423E-4ABB-AAC9-9CBBF3873702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_event_center:t32_base:*:*:*:*:*:*:*",
"matchCriteriaId": "35D6C33C-D91B-4C54-AA35-530293E43517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t30_base:*:*:*:*:*:*:*",
"matchCriteriaId": "1515E161-06AE-4A77-BA55-B04E0ECF05B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t31_base:*:*:*:*:*:*:*",
"matchCriteriaId": "77A34A56-995C-456D-9F66-2D4510A8746A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:t32_base:*:*:*:*:*:*:*",
"matchCriteriaId": "FB819563-9DED-4339-BD3E-AB59E510EF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings:t30_base:*:*:*:*:*:*:*",
"matchCriteriaId": "1DE4DDB4-A4EA-48F4-ABAF-0E14CE903824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.1_base:*:*:*:*:*:*:*",
"matchCriteriaId": "81E8E429-36B2-41A8-A483-8FD2E7044986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48D31BB1-C7AF-4EB8-8234-97ABDA21D4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.5.1.131:*:*:*:*:*:*:*",
"matchCriteriaId": "6DC55BEF-9FDD-49FA-AC8E-53467824AB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:1.5_base:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B8FEF2-8D03-4752-B829-E8694DCB850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0.1.107:*:*:*:*:*:*:*",
"matchCriteriaId": "BB009CBA-0A3B-4578-BFC7-74C42CC3F107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.0_base:*:*:*:*:*:*:*",
"matchCriteriaId": "80B9A3E8-DD9D-451B-81A4-BADA16512845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D5C7BE43-0F81-4550-813E-66D0844E9291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5.1.29:*:*:*:*:*:*:*",
"matchCriteriaId": "9043AE98-9A13-46F8-8E8A-BEC9E8EE0843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5.99.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A8289371-84B7-4342-9EA6-2844A9C5DCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.5_base:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4AF5A4-1B99-43F8-A659-7C57B033F2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8745FD6-B0B3-46A9-9254-7B13877D7080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.6.1.39:*:*:*:*:*:*:*",
"matchCriteriaId": "794B669D-5A30-49CA-9F35-8F7AA5A2DF62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA0048F-B88D-47F6-89D6-B7EDDECBF700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.7_base:*:*:*:*:*:*:*",
"matchCriteriaId": "30ECA8FE-D587-4692-AA90-9706E44BAC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:2.8_base:*:*:*:*:*:*:*",
"matchCriteriaId": "04698E83-4906-4FD9-81C1-955A6D770898",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE527118-BAFE-4120-890B-B6D3AFF91D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1297660-D3BF-4EB4-9AD8-F0B6CB1D7EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr4:*:*:*:*:*:*:*",
"matchCriteriaId": "633885BF-E4AD-4D68-BE6B-FC422C4A6756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr5:*:*:*:*:*:*:*",
"matchCriteriaId": "735D9391-9600-4488-A5A3-9BE519991C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr6:*:*:*:*:*:*:*",
"matchCriteriaId": "596CF80A-6D04-4C8C-8E4C-A312F50F90CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr7:*:*:*:*:*:*:*",
"matchCriteriaId": "26700488-AE40-4B51-9205-90B2822A1473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr8:*:*:*:*:*:*:*",
"matchCriteriaId": "64859732-7AD6-4393-927A-2D610746C6B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0:mr9:*:*:*:*:*:*:*",
"matchCriteriaId": "5A173DA9-B4F4-4A1E-8A57-B7D04FAD775B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0_mr8_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC24AAF-F4B6-45D6-9C62-09B104C72F83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0_mr9_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "4ACAED8E-CD53-4F12-858E-3AB1DB652893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0_mr9_patch:2:*:*:*:*:*:*:*",
"matchCriteriaId": "396E0F99-BD66-4B77-BA1F-6CDC25BAD54C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.0_mr9_patch:3:*:*:*:*:*:*:*",
"matchCriteriaId": "AE5EBC53-A135-429B-B132-B2FF8F6E2C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2C39D-1B45-42D6-B09E-1E5FA258A776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B02318-4867-43D4-9FB2-82A3CF59342E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA32CA3D-7617-453A-9D1B-4BCD84017573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr4:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE64939-BE95-454D-88C1-39A8E69A21D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr5:*:*:*:*:*:*:*",
"matchCriteriaId": "571E071B-BF6D-4DC7-9E29-C150C18C2709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5:mr6:*:*:*:*:*:*:*",
"matchCriteriaId": "9A8E6509-E041-489C-A31E-BC4EAF5DEA1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr2_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9A3B55D-840B-48CA-9A01-97F33C24E38B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr5_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2715AB5-39A2-4AB4-8DBC-A0AF0E659DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr6_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "478A42B0-27D5-4C01-B515-C09A5C87F49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr6_patch:2:*:*:*:*:*:*:*",
"matchCriteriaId": "15D2AB6C-7C5D-44FD-9990-6EAD1CFCC10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr6_patch:3:*:*:*:*:*:*:*",
"matchCriteriaId": "F63FD08C-2483-4F4D-BF90-4FC53AC51F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.5_mr6_patch:4:*:*:*:*:*:*:*",
"matchCriteriaId": "32D28387-E832-4EB5-BD0C-B64BBE42943B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6:mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C89D9D6-0923-4D11-A264-776AB637B007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6:mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CA8FDC-2040-44AC-B05D-D94F3387118E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6:mr3:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCAF0D6-372F-4230-A9FE-D76E6CDDBA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6_mr1_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0CBF03-2DC9-4C66-A324-F007D5C03429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6_mr2_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C416484-9739-453F-A8F8-FB2A0AE3716D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6_mr3_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "7277467C-D605-496C-A666-520C7E8729CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.6_mr3_patch:2:*:*:*:*:*:*:*",
"matchCriteriaId": "032142FE-89CD-4810-A6F2-890CD16E6333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.7:mr1:*:*:*:*:*:*:*",
"matchCriteriaId": "CECC6270-A8DC-4B51-9675-FF428E33790C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.7:mr2:*:*:*:*:*:*:*",
"matchCriteriaId": "C06C6985-D7A1-4146-BCAA-BA255F238172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.7_mr1_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E33A813-6D07-447A-96A6-36E2B63FE799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server_2.7_mr2_patch:1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8284327-927C-406A-BAC6-B7EF21F47407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_support_center:t30_base:*:*:*:*:*:*:*",
"matchCriteriaId": "68F014B7-5DDB-48DC-ABF9-DA7BC081830F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_support_center:t31_base:*:*:*:*:*:*:*",
"matchCriteriaId": "C2AAF51C-6E2A-465E-8AD9-9A170E9FC3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_support_center:t32_base:*:*:*:*:*:*:*",
"matchCriteriaId": "305F6293-1231-419B-B096-6F88943806A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:t30_base:*:*:*:*:*:*:*",
"matchCriteriaId": "ABAA1ECC-04D7-47EA-B457-818F5BA381AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:t31_base:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E501E7-912E-462C-BC4C-5C8E1C6425AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:t32_base:*:*:*:*:*:*:*",
"matchCriteriaId": "ABB3EDE5-67C5-40E4-AB92-BBF1B8122091",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037."
},
{
"lang": "es",
"value": "Una vulnerabilidad en las extensiones del navegador WebEx de Cisco para Google Chrome y Mozilla Firefox, podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario con los privilegios del navegador afectado sobre un sistema afectado. Esta vulnerabilidad afecta a las extensiones del navegador para WebEx Meetings Server de Cisco, WebEx Centers de Cisco (Meeting Center, Event Center, Training Center y Support Center) y WebEx Meetings de Cisco cuando son ejecutadas en Microsoft Windows. Una vulnerabilidad es debido a un defecto de dise\u00f1o en la extensi\u00f3n. Un atacante que pueda convencer a un usuario afectado para visitar una p\u00e1gina web controlada por un atacante o siga un enlace provisto por un atacante con un navegador afectado podr\u00eda atacar esta vulnerabilidad. Si tiene \u00e9xito, el atacante podr\u00eda ejecutar c\u00f3digo arbitrario con privilegios del navegador afectado. Las siguientes versiones de las extensiones del navegador de WebEx de Cisco est\u00e1n afectadas: Versiones anteriores a 1.0.12 de la extensi\u00f3n WebEx de Cisco en Google Chrome, Versiones anteriores a 1.0.12 de la extensi\u00f3n WebEx de Cisco en Mozilla Firefox. Identificaci\u00f3n de Bug Cisco: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037."
}
],
"id": "CVE-2017-6753",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-25T19:29:00.397",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99614"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038909"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038910"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038911"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-2199
Vulnerability from fkie_nvd - Published: 2014-05-20 11:13 - Updated: 2025-04-12 10:46
Severity ?
Summary
meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199 | Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=34252 | Vendor Advisory | |
| psirt@cisco.com | http://www.securitytracker.com/id/1030251 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=34252 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030251 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_business_suite | 27.0 | |
| cisco | webex_business_suite | 28.0 | |
| cisco | webex_business_suite | 29.0 | |
| cisco | webex_event_center | - | |
| cisco | webex_meeting_center | - | |
| cisco | webex_meetings_server | * | |
| cisco | webex_sales_center | - | |
| cisco | webex_training_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_business_suite:27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CAD4B10-275C-4C1B-95C6-3805104CBE8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_business_suite:28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7544AE0-77D7-45CB-B49C-B060F9B51DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_business_suite:29.0:*:*:*:*:*:*:*",
"matchCriteriaId": "320608BF-D0C5-4245-A200-613CB5BB185B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_event_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83E6A0CF-0BB4-447B-B061-E4DADDD88209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C046194-A216-4728-BAD9-4B675820F9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBF4BC9-68A8-4AF2-88C3-EDADB721B6C8",
"versionEndIncluding": "1.5\\(.1.131\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_sales_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA5880C-52BA-47D2-9CAB-45C3FA6FCB52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D11FA31-28A2-47C6-9030-97A250951899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738."
},
{
"lang": "es",
"value": "meetinginfo.do en Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) y anteriores y WebEx Business Suite (WBS) 27 anterior a 27.32.31.16, 28 anterior a 28.12.13.18 y 29 anterior a 29.5.1.12 permite a atacantes remotos obtener informaci\u00f3n sensible de reuniones mediante el aprovechamiento de conocimiento de un identificador de reuni\u00f3n, tambi\u00e9n conocido como Bug IDs CSCuo68624 y CSCue46738."
}
],
"id": "CVE-2014-2199",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-20T11:13:37.657",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34252"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030251"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6966
Vulnerability from fkie_nvd - Published: 2013-12-17 04:46 - Updated: 2025-04-11 00:51
Severity ?
Summary
Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_training_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D11FA31-28A2-47C6-9030-97A250951899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en Cisco WebEx Training Center que permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCul36031."
}
],
"id": "CVE-2013-6966",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-17T04:46:45.957",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/100909"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6966"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32149"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89686"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6971
Vulnerability from fkie_nvd - Published: 2013-12-14 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_training_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D11FA31-28A2-47C6-9030-97A250951899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en Cisco WebEx Training Center permite a atacantes remotos redirigir a usuarios hacia sitios web arbitrarios o llevar a cabo ataques de phishing a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCul57140."
}
],
"id": "CVE-2013-6971",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-14T22:55:14.550",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/100910"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6971"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32146"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89653"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6963
Vulnerability from fkie_nvd - Published: 2013-12-14 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_training_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D11FA31-28A2-47C6-9030-97A250951899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el componente de registro en Cisco WebEx Training Center permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de una URL manipulada, tambi\u00e9n conocido como Bug ID CSCul36207."
}
],
"id": "CVE-2013-6963",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-14T22:55:14.363",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/100907"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6963"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/64277"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89695"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6969
Vulnerability from fkie_nvd - Published: 2013-12-14 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_training_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D11FA31-28A2-47C6-9030-97A250951899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990."
},
{
"lang": "es",
"value": "La p\u00e1gina training-registration en Cisco WebEx Training Center permite a atacantes remotos modificar campos no especificados a trav\u00e9s de vectores desconocidos, tambi\u00e9n conocido como Bug ID CSCul35990."
}
],
"id": "CVE-2013-6969",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-14T22:55:14.503",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/101003"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6969"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/64305"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/101003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89684"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6965
Vulnerability from fkie_nvd - Published: 2013-12-14 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_training_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D11FA31-28A2-47C6-9030-97A250951899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183."
},
{
"lang": "es",
"value": "El componente de registro en Cisco WebEx Training Center proporciona la URL de sesi\u00f3n antes de que se complete la confirmaci\u00f3n por e-mail, lo que permite a atacantes remotos evitar las restricciones de acceso previstos y unirse a una conferencia de audio mediante la introducci\u00f3n de campos de credenciales de esta URL, tambi\u00e9n conocido como Bug ID CSCul36183."
}
],
"id": "CVE-2013-6965",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-14T22:55:14.410",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/100911"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6965"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32157"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/64281"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89691"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6968
Vulnerability from fkie_nvd - Published: 2013-12-14 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_training_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D11FA31-28A2-47C6-9030-97A250951899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003."
},
{
"lang": "es",
"value": "Cisco WebEx Training Center proporciona diferentes mensajes de error en intentos de registro dependiendo si la direcci\u00f3n de e-mail existe, lo que permite a atacantes remotos enumerar asistentes a trav\u00e9s de una serie de peticiones, tambi\u00e9n conocido como Bug ID CSCul36003."
}
],
"id": "CVE-2013-6968",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-14T22:55:14.473",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/100913"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6968"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32147"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89688"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6710
Vulnerability from fkie_nvd - Published: 2013-12-14 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6710 | Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=32154 | Vendor Advisory | |
| psirt@cisco.com | http://www.securitytracker.com/id/1029492 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6710 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=32154 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1029492 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_training_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D11FA31-28A2-47C6-9030-97A250951899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site requets forgery (CSRF) en Cisco WeBeX Training Center permite a atacantes remotos secuestrar la autenticaci\u00f3n de victimas no especificadas a trav\u00e9s de vectores desconocidos, tambien conocido como Bug ID CSCul25567."
}
],
"id": "CVE-2013-6710",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-14T22:55:14.207",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6710"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32154"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6973
Vulnerability from fkie_nvd - Published: 2013-12-14 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_training_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D11FA31-28A2-47C6-9030-97A250951899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121."
},
{
"lang": "es",
"value": "Cisco WebEx Training Center permite a atacantes remotos descubrir IDs de registro a trav\u00e9s de URL manipuladas, tambi\u00e9n conocido como Bug ID CSCul57121."
}
],
"id": "CVE-2013-6973",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-14T22:55:14.597",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/100915"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6973"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32144"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/64286"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89651"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6972
Vulnerability from fkie_nvd - Published: 2013-12-14 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_training_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D11FA31-28A2-47C6-9030-97A250951899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126."
},
{
"lang": "es",
"value": "Cisco WebEx Training Center permite a atacantes remotos descubrir n\u00fameros de sesi\u00f3n, y evadir la aprobaci\u00f3n de host para asistencias de audio-conference, mediante la lectura de c\u00f3digo fuente HTML, tambi\u00e9n conocido como Bug ID CSCul57126."
}
],
"id": "CVE-2013-6972",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-14T22:55:14.567",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/100914"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6972"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32145"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/64282"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89652"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6709
Vulnerability from fkie_nvd - Published: 2013-12-14 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6709 | Vendor Advisory | |
| psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=32153 | Vendor Advisory | |
| psirt@cisco.com | http://www.securitytracker.com/id/1029492 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6709 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=32153 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1029492 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | webex_training_center | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D11FA31-28A2-47C6-9030-97A250951899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111."
},
{
"lang": "es",
"value": "El componente de registro en Cisco WebEx Training Center proporciona la URL de capacitaci\u00f3n de sesi\u00f3n antes de que se complete el pago, que permite a atacantes remotos evitar las restricciones de acceso previstos y unirse a una conferencia de audio mediante la introducci\u00f3n de campos de credenciales de esta URL, tambi\u00e9n conocido como Bug ID CSCul57111."
}
],
"id": "CVE-2013-6709",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-14T22:55:03.597",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6709"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32153"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029492"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-15987 (GCVE-0-2019-15987)
Vulnerability from cvelistv5 – Published: 2019-11-26 03:42 – Updated: 2024-11-19 18:51
VLAI?
Title
Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability
Summary
A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user.
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco WebEx Event Center |
Affected:
unspecified , < n/a
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20191120 Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-15987",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T17:22:21.467673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T18:51:20.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx Event Center",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T03:42:14",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20191120 Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis"
}
],
"source": {
"advisory": "cisco-sa-20191120-webex-centers-infodis",
"defect": [
[
"CSCvq81213",
"CSCvq81230"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-11-20T16:00:00-0800",
"ID": "CVE-2019-15987",
"STATE": "PUBLIC",
"TITLE": "Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Event Center",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20191120 Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis"
}
]
},
"source": {
"advisory": "cisco-sa-20191120-webex-centers-infodis",
"defect": [
[
"CSCvq81213",
"CSCvq81230"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-15987",
"datePublished": "2019-11-26T03:42:14.157661Z",
"dateReserved": "2019-09-06T00:00:00",
"dateUpdated": "2024-11-19T18:51:20.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6753 (GCVE-0-2017-6753)
Vulnerability from cvelistv5 – Published: 2017-07-25 19:00 – Updated: 2024-08-05 15:41
VLAI?
Summary
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco WebEx Browser Extension |
Affected:
Cisco WebEx Browser Extension
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038911",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038911"
},
{
"name": "99614",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99614"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex"
},
{
"name": "1038910",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038910"
},
{
"name": "1038909",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx Browser Extension",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco WebEx Browser Extension"
}
]
}
],
"datePublic": "2017-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1038911",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038911"
},
{
"name": "99614",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99614"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex"
},
{
"name": "1038910",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038910"
},
{
"name": "1038909",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Browser Extension",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx Browser Extension"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038911",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038911"
},
{
"name": "99614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99614"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex"
},
{
"name": "1038910",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038910"
},
{
"name": "1038909",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-6753",
"datePublished": "2017-07-25T19:00:00",
"dateReserved": "2017-03-09T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2199 (GCVE-0-2014-2199)
Vulnerability from cvelistv5 – Published: 2014-05-20 10:00 – Updated: 2024-08-06 10:05
VLAI?
Summary
meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:05:59.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34252"
},
{
"name": "1030251",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030251"
},
{
"name": "20140515 WebEx Meeting Information Disclosure Vulnerability in meetinginfo.do",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-16T13:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34252"
},
{
"name": "1030251",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030251"
},
{
"name": "20140515 WebEx Meeting Information Disclosure Vulnerability in meetinginfo.do",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34252",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34252"
},
{
"name": "1030251",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030251"
},
{
"name": "20140515 WebEx Meeting Information Disclosure Vulnerability in meetinginfo.do",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-2199",
"datePublished": "2014-05-20T10:00:00",
"dateReserved": "2014-02-25T00:00:00",
"dateUpdated": "2024-08-06T10:05:59.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6966 (GCVE-0-2013-6966)
Vulnerability from cvelistv5 – Published: 2013-12-17 02:00 – Updated: 2024-08-06 17:53
VLAI?
Summary
Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32149"
},
{
"name": "20131212 Cisco WebEx Training Center Open Redirect Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6966"
},
{
"name": "cisco-webex-cve20136966-open-redirect(89686)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89686"
},
{
"name": "100909",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32149"
},
{
"name": "20131212 Cisco WebEx Training Center Open Redirect Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6966"
},
{
"name": "cisco-webex-cve20136966-open-redirect(89686)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89686"
},
{
"name": "100909",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029492",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32149",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32149"
},
{
"name": "20131212 Cisco WebEx Training Center Open Redirect Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6966"
},
{
"name": "cisco-webex-cve20136966-open-redirect(89686)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89686"
},
{
"name": "100909",
"refsource": "OSVDB",
"url": "http://osvdb.org/100909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6966",
"datePublished": "2013-12-17T02:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T17:53:46.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6710 (GCVE-0-2013-6710)
Vulnerability from cvelistv5 – Published: 2013-12-14 22:00 – Updated: 2024-08-06 17:46
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32154"
},
{
"name": "20131212 Cisco WebEx Training Center Cross-Site Request Forgery Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-08T14:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32154"
},
{
"name": "20131212 Cisco WebEx Training Center Cross-Site Request Forgery Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6710"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029492",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32154",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32154"
},
{
"name": "20131212 Cisco WebEx Training Center Cross-Site Request Forgery Vulnerabilities",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6710"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6710",
"datePublished": "2013-12-14T22:00:00",
"dateReserved": "2013-11-07T00:00:00",
"dateUpdated": "2024-08-06T17:46:22.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6971 (GCVE-0-2013-6971)
Vulnerability from cvelistv5 – Published: 2013-12-14 22:00 – Updated: 2024-08-06 17:53
VLAI?
Summary
Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "20131212 Cisco WebEx Training Center Open Redirect Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6971"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32146"
},
{
"name": "cisco-webex-cve20136971-open-redirect(89653)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89653"
},
{
"name": "100910",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100910"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "20131212 Cisco WebEx Training Center Open Redirect Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6971"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32146"
},
{
"name": "cisco-webex-cve20136971-open-redirect(89653)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89653"
},
{
"name": "100910",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100910"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029492",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "20131212 Cisco WebEx Training Center Open Redirect Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6971"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32146",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32146"
},
{
"name": "cisco-webex-cve20136971-open-redirect(89653)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89653"
},
{
"name": "100910",
"refsource": "OSVDB",
"url": "http://osvdb.org/100910"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6971",
"datePublished": "2013-12-14T22:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6965 (GCVE-0-2013-6965)
Vulnerability from cvelistv5 – Published: 2013-12-14 22:00 – Updated: 2024-08-06 17:53
VLAI?
Summary
The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32157"
},
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "100911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100911"
},
{
"name": "64281",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64281"
},
{
"name": "20131212 Cisco WebEx Training Center Bypass Email Verification to Join Audio Conference Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6965"
},
{
"name": "cisco-webex-cve20136965-info-disc(89691)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89691"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32157"
},
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "100911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100911"
},
{
"name": "64281",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64281"
},
{
"name": "20131212 Cisco WebEx Training Center Bypass Email Verification to Join Audio Conference Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6965"
},
{
"name": "cisco-webex-cve20136965-info-disc(89691)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89691"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32157",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32157"
},
{
"name": "1029492",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "100911",
"refsource": "OSVDB",
"url": "http://osvdb.org/100911"
},
{
"name": "64281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64281"
},
{
"name": "20131212 Cisco WebEx Training Center Bypass Email Verification to Join Audio Conference Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6965"
},
{
"name": "cisco-webex-cve20136965-info-disc(89691)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89691"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6965",
"datePublished": "2013-12-14T22:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6963 (GCVE-0-2013-6963)
Vulnerability from cvelistv5 – Published: 2013-12-14 22:00 – Updated: 2024-08-06 17:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64277"
},
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "100907",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100907"
},
{
"name": "20131212 Cisco WebEx Training Center Training Registration Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6963"
},
{
"name": "cisco-webex-cve20136963-xss(89695)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "64277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64277"
},
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "100907",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100907"
},
{
"name": "20131212 Cisco WebEx Training Center Training Registration Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6963"
},
{
"name": "cisco-webex-cve20136963-xss(89695)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89695"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64277"
},
{
"name": "1029492",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "100907",
"refsource": "OSVDB",
"url": "http://osvdb.org/100907"
},
{
"name": "20131212 Cisco WebEx Training Center Training Registration Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6963"
},
{
"name": "cisco-webex-cve20136963-xss(89695)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89695"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6963",
"datePublished": "2013-12-14T22:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6709 (GCVE-0-2013-6709)
Vulnerability from cvelistv5 – Published: 2013-12-14 22:00 – Updated: 2024-08-06 17:46
VLAI?
Summary
The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "20131212 Cisco Webex Training Center Session Password and Access Code Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6709"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-08T14:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "20131212 Cisco Webex Training Center Session Password and Access Code Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6709"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32153"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029492",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "20131212 Cisco Webex Training Center Session Password and Access Code Disclosure Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6709"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32153",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32153"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6709",
"datePublished": "2013-12-14T22:00:00",
"dateReserved": "2013-11-07T00:00:00",
"dateUpdated": "2024-08-06T17:46:22.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15987 (GCVE-0-2019-15987)
Vulnerability from nvd – Published: 2019-11-26 03:42 – Updated: 2024-11-19 18:51
VLAI?
Title
Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability
Summary
A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user.
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco WebEx Event Center |
Affected:
unspecified , < n/a
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:32.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20191120 Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-15987",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T17:22:21.467673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T18:51:20.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx Event Center",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T03:42:14",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20191120 Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis"
}
],
"source": {
"advisory": "cisco-sa-20191120-webex-centers-infodis",
"defect": [
[
"CSCvq81213",
"CSCvq81230"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-11-20T16:00:00-0800",
"ID": "CVE-2019-15987",
"STATE": "PUBLIC",
"TITLE": "Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Event Center",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20191120 Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis"
}
]
},
"source": {
"advisory": "cisco-sa-20191120-webex-centers-infodis",
"defect": [
[
"CSCvq81213",
"CSCvq81230"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-15987",
"datePublished": "2019-11-26T03:42:14.157661Z",
"dateReserved": "2019-09-06T00:00:00",
"dateUpdated": "2024-11-19T18:51:20.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6753 (GCVE-0-2017-6753)
Vulnerability from nvd – Published: 2017-07-25 19:00 – Updated: 2024-08-05 15:41
VLAI?
Summary
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Cisco WebEx Browser Extension |
Affected:
Cisco WebEx Browser Extension
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038911",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038911"
},
{
"name": "99614",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99614"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex"
},
{
"name": "1038910",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038910"
},
{
"name": "1038909",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco WebEx Browser Extension",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco WebEx Browser Extension"
}
]
}
],
"datePublic": "2017-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1038911",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038911"
},
{
"name": "99614",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99614"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex"
},
{
"name": "1038910",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038910"
},
{
"name": "1038909",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Browser Extension",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx Browser Extension"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038911",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038911"
},
{
"name": "99614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99614"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex"
},
{
"name": "1038910",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038910"
},
{
"name": "1038909",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-6753",
"datePublished": "2017-07-25T19:00:00",
"dateReserved": "2017-03-09T00:00:00",
"dateUpdated": "2024-08-05T15:41:17.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2199 (GCVE-0-2014-2199)
Vulnerability from nvd – Published: 2014-05-20 10:00 – Updated: 2024-08-06 10:05
VLAI?
Summary
meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:05:59.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34252"
},
{
"name": "1030251",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030251"
},
{
"name": "20140515 WebEx Meeting Information Disclosure Vulnerability in meetinginfo.do",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-16T13:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34252"
},
{
"name": "1030251",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030251"
},
{
"name": "20140515 WebEx Meeting Information Disclosure Vulnerability in meetinginfo.do",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-2199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34252",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34252"
},
{
"name": "1030251",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030251"
},
{
"name": "20140515 WebEx Meeting Information Disclosure Vulnerability in meetinginfo.do",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-2199",
"datePublished": "2014-05-20T10:00:00",
"dateReserved": "2014-02-25T00:00:00",
"dateUpdated": "2024-08-06T10:05:59.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6966 (GCVE-0-2013-6966)
Vulnerability from nvd – Published: 2013-12-17 02:00 – Updated: 2024-08-06 17:53
VLAI?
Summary
Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:46.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32149"
},
{
"name": "20131212 Cisco WebEx Training Center Open Redirect Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6966"
},
{
"name": "cisco-webex-cve20136966-open-redirect(89686)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89686"
},
{
"name": "100909",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32149"
},
{
"name": "20131212 Cisco WebEx Training Center Open Redirect Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6966"
},
{
"name": "cisco-webex-cve20136966-open-redirect(89686)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89686"
},
{
"name": "100909",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029492",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32149",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32149"
},
{
"name": "20131212 Cisco WebEx Training Center Open Redirect Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6966"
},
{
"name": "cisco-webex-cve20136966-open-redirect(89686)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89686"
},
{
"name": "100909",
"refsource": "OSVDB",
"url": "http://osvdb.org/100909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6966",
"datePublished": "2013-12-17T02:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T17:53:46.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6710 (GCVE-0-2013-6710)
Vulnerability from nvd – Published: 2013-12-14 22:00 – Updated: 2024-08-06 17:46
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:22.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32154"
},
{
"name": "20131212 Cisco WebEx Training Center Cross-Site Request Forgery Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-08T14:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32154"
},
{
"name": "20131212 Cisco WebEx Training Center Cross-Site Request Forgery Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6710"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029492",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32154",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32154"
},
{
"name": "20131212 Cisco WebEx Training Center Cross-Site Request Forgery Vulnerabilities",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6710"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6710",
"datePublished": "2013-12-14T22:00:00",
"dateReserved": "2013-11-07T00:00:00",
"dateUpdated": "2024-08-06T17:46:22.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6971 (GCVE-0-2013-6971)
Vulnerability from nvd – Published: 2013-12-14 22:00 – Updated: 2024-08-06 17:53
VLAI?
Summary
Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "20131212 Cisco WebEx Training Center Open Redirect Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6971"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32146"
},
{
"name": "cisco-webex-cve20136971-open-redirect(89653)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89653"
},
{
"name": "100910",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100910"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "20131212 Cisco WebEx Training Center Open Redirect Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6971"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32146"
},
{
"name": "cisco-webex-cve20136971-open-redirect(89653)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89653"
},
{
"name": "100910",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100910"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029492",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "20131212 Cisco WebEx Training Center Open Redirect Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6971"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32146",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32146"
},
{
"name": "cisco-webex-cve20136971-open-redirect(89653)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89653"
},
{
"name": "100910",
"refsource": "OSVDB",
"url": "http://osvdb.org/100910"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6971",
"datePublished": "2013-12-14T22:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6965 (GCVE-0-2013-6965)
Vulnerability from nvd – Published: 2013-12-14 22:00 – Updated: 2024-08-06 17:53
VLAI?
Summary
The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32157"
},
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "100911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100911"
},
{
"name": "64281",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64281"
},
{
"name": "20131212 Cisco WebEx Training Center Bypass Email Verification to Join Audio Conference Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6965"
},
{
"name": "cisco-webex-cve20136965-info-disc(89691)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89691"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32157"
},
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "100911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100911"
},
{
"name": "64281",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64281"
},
{
"name": "20131212 Cisco WebEx Training Center Bypass Email Verification to Join Audio Conference Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6965"
},
{
"name": "cisco-webex-cve20136965-info-disc(89691)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89691"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32157",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32157"
},
{
"name": "1029492",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "100911",
"refsource": "OSVDB",
"url": "http://osvdb.org/100911"
},
{
"name": "64281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64281"
},
{
"name": "20131212 Cisco WebEx Training Center Bypass Email Verification to Join Audio Conference Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6965"
},
{
"name": "cisco-webex-cve20136965-info-disc(89691)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89691"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6965",
"datePublished": "2013-12-14T22:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6963 (GCVE-0-2013-6963)
Vulnerability from nvd – Published: 2013-12-14 22:00 – Updated: 2024-08-06 17:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64277"
},
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "100907",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100907"
},
{
"name": "20131212 Cisco WebEx Training Center Training Registration Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6963"
},
{
"name": "cisco-webex-cve20136963-xss(89695)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T15:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "64277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64277"
},
{
"name": "1029492",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "100907",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100907"
},
{
"name": "20131212 Cisco WebEx Training Center Training Registration Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6963"
},
{
"name": "cisco-webex-cve20136963-xss(89695)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89695"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64277"
},
{
"name": "1029492",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "100907",
"refsource": "OSVDB",
"url": "http://osvdb.org/100907"
},
{
"name": "20131212 Cisco WebEx Training Center Training Registration Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6963"
},
{
"name": "cisco-webex-cve20136963-xss(89695)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89695"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6963",
"datePublished": "2013-12-14T22:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}