VAR-201506-0306
Vulnerability from variot - Updated: 2023-12-18 14:06The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858. Vendors have confirmed this vulnerability Bug ID CSCuu65622 and CSCuu70858 It is released as.Skillfully crafted by a third party GET Important information may be obtained via the request value. Cisco Jabber is a cross-device collaboration system from Cisco. The system provides voice, video, desktop sharing and conferencing. This issue is being tracked by Cisco Bug ID's CSCuu65622 and CSCuu70858
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0306",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jabber",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.6\\(3\\)"
},
{
"model": "jabber",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.7\\(0\\)"
},
{
"model": "jabber",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.7\\(3\\)"
},
{
"model": "jabber",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.6\\(2\\)"
},
{
"model": "jabber",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.6\\(1\\)"
},
{
"model": "jabber",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.7\\(2\\)"
},
{
"model": "jabber",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.6\\(0\\)"
},
{
"model": "jabber",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.7\\(5\\)"
},
{
"model": "jabber",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.7\\(4\\)"
},
{
"model": "jabber",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.7\\(1\\)"
},
{
"model": "jabber",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "9.6(3)"
},
{
"model": "jabber",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.7(5) for up to 9.7"
},
{
"model": "jabber",
"scope": "lte",
"trust": 0.6,
"vendor": "cisco",
"version": "\u003c=9.6(3)"
},
{
"model": "jabber",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9.7-9.7(5)"
},
{
"model": "jabber for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7(5)"
},
{
"model": "jabber for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7(4)"
},
{
"model": "jabber for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7(3)"
},
{
"model": "jabber for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7(2)"
},
{
"model": "jabber for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7(1)"
},
{
"model": "jabber for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7(0)"
},
{
"model": "jabber for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6(3)"
},
{
"model": "jabber for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6(2)"
},
{
"model": "jabber for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6(1)"
},
{
"model": "jabber for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6(0)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03994"
},
{
"db": "BID",
"id": "75377"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003272"
},
{
"db": "NVD",
"id": "CVE-2015-4218"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-490"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.7\\(4\\):*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.7\\(5\\):*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.6\\(0\\):*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.6\\(1\\):*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.6\\(2\\):*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.6\\(3\\):*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.7\\(0\\):*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.7\\(2\\):*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.7\\(1\\):*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.7\\(3\\):*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4218"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "75377"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4218",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-4218",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-03994",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-82179",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-4218",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-03994",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-490",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-82179",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03994"
},
{
"db": "VULHUB",
"id": "VHN-82179"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003272"
},
{
"db": "NVD",
"id": "CVE-2015-4218"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-490"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858. Vendors have confirmed this vulnerability Bug ID CSCuu65622 and CSCuu70858 It is released as.Skillfully crafted by a third party GET Important information may be obtained via the request value. Cisco Jabber is a cross-device collaboration system from Cisco. The system provides voice, video, desktop sharing and conferencing. \nThis issue is being tracked by Cisco Bug ID\u0027s CSCuu65622 and CSCuu70858",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4218"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003272"
},
{
"db": "CNVD",
"id": "CNVD-2015-03994"
},
{
"db": "BID",
"id": "75377"
},
{
"db": "VULHUB",
"id": "VHN-82179"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4218",
"trust": 3.4
},
{
"db": "BID",
"id": "75377",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1032711",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003272",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-490",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-03994",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-82179",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03994"
},
{
"db": "VULHUB",
"id": "VHN-82179"
},
{
"db": "BID",
"id": "75377"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003272"
},
{
"db": "NVD",
"id": "CVE-2015-4218"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-490"
}
]
},
"id": "VAR-201506-0306",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03994"
},
{
"db": "VULHUB",
"id": "VHN-82179"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03994"
}
]
},
"last_update_date": "2023-12-18T14:06:03.801000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "39494",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39494"
},
{
"title": "Patch for Cisco Jabber Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60035"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03994"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003272"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82179"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003272"
},
{
"db": "NVD",
"id": "CVE-2015-4218"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39494"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/75377"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032711"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4218"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4218"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03994"
},
{
"db": "VULHUB",
"id": "VHN-82179"
},
{
"db": "BID",
"id": "75377"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003272"
},
{
"db": "NVD",
"id": "CVE-2015-4218"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-490"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-03994"
},
{
"db": "VULHUB",
"id": "VHN-82179"
},
{
"db": "BID",
"id": "75377"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003272"
},
{
"db": "NVD",
"id": "CVE-2015-4218"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-490"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03994"
},
{
"date": "2015-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-82179"
},
{
"date": "2015-06-23T00:00:00",
"db": "BID",
"id": "75377"
},
{
"date": "2015-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003272"
},
{
"date": "2015-06-24T10:59:11.790000",
"db": "NVD",
"id": "CVE-2015-4218"
},
{
"date": "2015-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-490"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03994"
},
{
"date": "2016-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-82179"
},
{
"date": "2015-06-23T00:00:00",
"db": "BID",
"id": "75377"
},
{
"date": "2015-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003272"
},
{
"date": "2016-12-28T17:43:20.383000",
"db": "NVD",
"id": "CVE-2015-4218"
},
{
"date": "2015-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-490"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-490"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Jabber Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03994"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-490"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-490"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…