CVE-2014-3302

2014-08-0101:00:00

cisco

www.cve.org

6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.4%

JSON

user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.

References

secunia.com/advisories/58624

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3302

tools.cisco.com/security/center/viewAlert.x?alertId=35050

www.securityfocus.com/bid/68904

www.securitytracker.com/id/1030646

exchange.xforce.ibmcloud.com/vulnerabilities/94892