Lucene search

[email protected]CVE-2015-4208

HistoryJun 24, 2015 - 10:59 a.m.

CVE-2015-4208

2015-06-2410:59:00

CWE-200

CWE-89

[email protected]

web.nvd.nist.gov

cisco

webex

meeting center

url restriction

bypass

cve-2015-4208

sql injection

bug id cscup88398

nvd

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.8%

JSON

Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398.

CPENameOperatorVersion
cisco:webex_meeting_centercisco webex meeting centereq-

CPE	Name	Operator	Version
cisco:webex_meeting_center	cisco webex meeting center	eq	-

References

tools.cisco.com/security/center/viewAlert.x?alertId=39458

www.securityfocus.com/bid/75361

www.securitytracker.com/id/1032705

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.8%

JSON

Related for CVE-2015-4208

cvelist1 cisco1 prion1