Lucene search

[email protected]CVE-2014-8024

HistoryDec 23, 2014 - 2:59 a.m.

CVE-2014-8024

2014-12-2302:59:04

CWE-200

[email protected]

web.nvd.nist.gov

cisco

jabber

api

guest server

security vulnerability

cve-2014-8024

nvd

http

cors

bug id cscus19789

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.5%

JSON

The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST request, aka Bug ID CSCus19789.

Affected configurations

NVD

Node

ciscojabber_guest

CPENameOperatorVersion
cisco:jabber_guestcisco jabber guesteq*

CPE	Name	Operator	Version
cisco:jabber_guest	cisco jabber guest	eq	*

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8024

www.securityfocus.com/bid/71770

www.securitytracker.com/id/1031422

tools.cisco.com/security/center/viewAlert.x?alertId=36870

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.5%

JSON

Related for CVE-2014-8024

prion1 cisco1 nvd1 cvelist1