Lucene search
K
CiscoSpark

5 matches found

CVE
CVE
added 2017/10/05 7:0 a.m.60 views

CVE-2017-12269

CVE-2017-12269 affects the web UI of Cisco Spark Messaging Software. The issue is stored XSS caused by insufficient input validation in the web UI, allowing an authenticated, remote attacker to inject XSS content. A successful exploit could force a user to execute attacker-specified code or leak ...

5.4CVSS5.2AI score0.00928EPSS
CVE
CVE
added 2016/02/12 1:0 a.m.50 views

CVE-2016-1322

The CVE-2016-1322 case concerns Cisco Spark’s REST interface, where improper authorization controls allow an unauthenticated, remote attacker to bypass access restrictions and create arbitrary user accounts. Multiple sources (NVD/NVDCNVD, CNVD, CVE list, and Cisco advisory) corroborate that the R...

7.5CVSS7.5AI score0.01256EPSS
CVE
CVE
added 2016/02/12 1:0 a.m.45 views

CVE-2016-1323

The CVE-2016-1323 entry concerns Cisco Spark’s REST interface. The vulnerability allows an authenticated, remote attacker to view sensitive information by requesting a file from the REST API. The underlying cause is insufficient protections of sensitive data, enabling information disclosure. AFFE...

4.3CVSS4.1AI score0.0085EPSS
CVE
CVE
added 2015/09/24 2:0 p.m.42 views

CVE-2015-6303

CVE-2015-6303 concerns the Cisco Spark mobile app (2015-07-04 build) where SSL/TLS certificate validation is flawed. The root cause is improper verification of X.509 certificates from SSL servers, enabling a man-in-the-middle attacker to spoof servers and access sensitive information via a crafte...

4.3CVSS6.1AI score0.00537EPSS
CVE
CVE
added 2016/02/12 1:0 a.m.41 views

CVE-2016-1324

CVE-2016-1324 affects Cisco Spark’s REST interface (Cisco Spark 2015-06). The issue arises from missing authorization checks on certain administrative pages, enabling an unauthenticated, remote attacker to cause a denial of service (resource outage) by accessing an admin page. Cisco’s advisory Ci...

5.3CVSS5.3AI score0.01265EPSS