CVE-2015-4218

2015-06-2410:59:11

CWE-200

[email protected]

web.nvd.nist.gov

cisco

jabber

security

vulnerability

remote attack

information disclosure

cve-2015-4218

nvd

6.2 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

50.2%

JSON

The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858.

Affected configurations

NVD

Node

ciscojabberMatch9.6\(0\)windows

ciscojabberMatch9.6\(1\)windows

ciscojabberMatch9.6\(2\)windows

ciscojabberMatch9.6\(3\)windows

ciscojabberMatch9.7\(0\)windows

ciscojabberMatch9.7\(1\)windows

ciscojabberMatch9.7\(2\)windows

ciscojabberMatch9.7\(3\)windows

ciscojabberMatch9.7\(4\)windows

ciscojabberMatch9.7\(5\)windows

CPENameOperatorVersion
cisco:jabbercisco jabbereq9.6\(0\)
cisco:jabbercisco jabbereq9.6\(1\)
cisco:jabbercisco jabbereq9.6\(2\)
cisco:jabbercisco jabbereq9.6\(3\)
cisco:jabbercisco jabbereq9.7\(0\)
cisco:jabbercisco jabbereq9.7\(1\)
cisco:jabbercisco jabbereq9.7\(2\)
cisco:jabbercisco jabbereq9.7\(3\)
cisco:jabbercisco jabbereq9.7\(4\)
cisco:jabbercisco jabbereq9.7\(5\)

CPE	Name	Operator	Version
cisco:jabber	cisco jabber	eq	9.6\(0\)
cisco:jabber	cisco jabber	eq	9.6\(1\)
cisco:jabber	cisco jabber	eq	9.6\(2\)
cisco:jabber	cisco jabber	eq	9.6\(3\)
cisco:jabber	cisco jabber	eq	9.7\(0\)
cisco:jabber	cisco jabber	eq	9.7\(1\)
cisco:jabber	cisco jabber	eq	9.7\(2\)
cisco:jabber	cisco jabber	eq	9.7\(3\)
cisco:jabber	cisco jabber	eq	9.7\(4\)
cisco:jabber	cisco jabber	eq	9.7\(5\)