Shodan
Vulnerabilities
Vulnerable Software
Cisco:  >> Webex Meetings Server  Security Vulnerabilities
CVE-2014-8036
The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254.
CVSS Score
5.0
EPSS Score
0.003
Published
2015-01-10
CVE-2014-8033
The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421.
CVSS Score
5.0
EPSS Score
0.003
Published
2015-01-09
CVE-2014-8032
The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449.
CVSS Score
4.0
EPSS Score
0.002
Published
2015-01-09
CVE-2014-8030
Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-01-09
CVE-2014-8031
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456.
CVSS Score
6.8
EPSS Score
0.002
Published
2015-01-09
CVE-2014-3400
Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344.
CVSS Score
4.0
EPSS Score
0.002
Published
2014-10-05
CVE-2014-3395
Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343.
CVSS Score
5.0
EPSS Score
0.002
Published
2014-09-30
CVE-2014-3302
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.
CVSS Score
5.8
EPSS Score
0.003
Published
2014-08-01
CVE-2014-3303
The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713.
CVSS Score
4.0
EPSS Score
0.004
Published
2014-07-28
CVE-2014-3304
The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722.
CVSS Score
5.0
EPSS Score
0.005
Published
2014-07-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved