2 matches found
Cisco Jabber for Windows 8.x / 9.x / 10.x / 11.0.x / 11.1.x XMPP Connection MitM STARTTLS Downgrade (cisco-sa-20151224-jab)
The version of Cisco Jabber for Windows installed on the remote host is 8.x, 9.x, 10.x, 11.0.x, or 11.1.x prior to 11.5. It is, therefore, affected by man-in-the-middle STARTTLS downgrade vulnerability due to improper checks to ensure the Extensible Messaging and Presence Protocol XMPP connection...
CVE-2015-6409
Cisco Jabber for Windows (affected: 10.6.x, 11.0.x, 11.1.x) is vulnerable to a STARTTLS downgrade in XMPP due to improper verification of TLS, enabling MITM to force cleartext XMPP sessions. Exploitation details are not provided in the sources. Cisco indicates software updates will address the vu...