Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Webex_meeting_center
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 31 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-04-21 | CVE-2015-6360 | The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. | Adaptive_security_appliance_software, Dx_series_ip_phones_firmware, Ios_xe, Ip_phone_7800_series_firmware, Ip_phone_8800_series_firmware, Jabber_software_development_kit, Libsrtp, Unified_communications_manager, Unified_ip_phone_6900_series_firmware, Unified_ip_phone_7900_series_firmware, Unified_ip_phone_8900_series_firmware, Unified_wireless_ip_phone_7920_firmware, Unity_connection, Webex_meeting_center | 7.5 | ||
| 2019-11-26 | CVE-2019-15987 | A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the... | Webex_event_center, Webex_meeting_center, Webex_meetings_online, Webex_meetings_server, Webex_support_center, Webex_training_center | N/A | ||
| 2017-07-25 | CVE-2017-6753 | A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due... | Webex_event_center, Webex_meeting_center, Webex_meetings, Webex_meetings_server, Webex_meetings_server_2\.0, Webex_meetings_server_2\.0_mr8_patch, Webex_meetings_server_2\.0_mr9_patch, Webex_meetings_server_2\.5, Webex_meetings_server_2\.5_mr2_patch, Webex_meetings_server_2\.5_mr5_patch, Webex_meetings_server_2\.5_mr6_patch, Webex_meetings_server_2\.6, Webex_meetings_server_2\.6_mr1_patch, Webex_meetings_server_2\.6_mr2_patch, Webex_meetings_server_2\.6_mr3_patch, Webex_meetings_server_2\.7, Webex_meetings_server_2\.7_mr1_patch, Webex_meetings_server_2\.7_mr2_patch, Webex_support_center, Webex_training_center | 8.8 | ||
| 2017-11-30 | CVE-2017-12366 | A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A... | Webex_meeting_center | 6.1 | ||
| 2017-11-30 | CVE-2017-12365 | A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view scheduled meetings. A successful query would show both listed and unlisted meetings in the displayed information. An attacker could use this information to attend meetings that are not available for their attendance. Cisco Bug IDs: CSCvg33629. | Webex_meeting_center | 4.3 | ||
| 2017-11-30 | CVE-2017-12360 | A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to open the file. A successful exploit could cause an affected player to crash, resulting in a DoS condition. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings... | Webex_meeting_center | 4.3 | ||
| 2017-10-19 | CVE-2017-12298 | A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A... | Webex_meeting_center | 6.1 | ||
| 2017-11-30 | CVE-2017-12297 | A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843. | Webex_meeting_center | 5.0 | ||
| 2017-10-19 | CVE-2017-12286 | A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in the affected software. An attacker could exploit this vulnerability by authenticating locally to an affected system and then issuing specific commands to the affected software. A successful exploit... | Jabber, Webex_meeting_center | 5.5 | ||
| 2017-02-01 | CVE-2017-3823 | An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the... | Activetouch_general_plugin_container, Download_manager, Gpccontainer_class, Webex, Webex_meeting_center, Webex_meetings_server | 8.8 |