Описание
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 1.5\(.1.131\) (включая)
Одно из
cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:webex_meetings_server:1.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:webex_meetings_server:1.5\(.1.6\):*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00302
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
больше 3 лет назад
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.
EPSS
Процентиль: 53%
0.00302
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-310