5 matches found
CVE-2017-12269
CVE-2017-12269 affects the web UI of Cisco Spark Messaging Software. The issue is stored XSS caused by insufficient input validation in the web UI, allowing an authenticated, remote attacker to inject XSS content. A successful exploit could force a user to execute attacker-specified code or leak ...
CVE-2016-1322
The CVE-2016-1322 case concerns Cisco Spark’s REST interface, where improper authorization controls allow an unauthenticated, remote attacker to bypass access restrictions and create arbitrary user accounts. Multiple sources (NVD/NVDCNVD, CNVD, CVE list, and Cisco advisory) corroborate that the R...
CVE-2016-1323
The CVE-2016-1323 entry concerns Cisco Spark’s REST interface. The vulnerability allows an authenticated, remote attacker to view sensitive information by requesting a file from the REST API. The underlying cause is insufficient protections of sensitive data, enabling information disclosure. AFFE...
CVE-2015-6303
CVE-2015-6303 concerns the Cisco Spark mobile app (2015-07-04 build) where SSL/TLS certificate validation is flawed. The root cause is improper verification of X.509 certificates from SSL servers, enabling a man-in-the-middle attacker to spoof servers and access sensitive information via a crafte...
CVE-2016-1324
CVE-2016-1324 affects Cisco Spark’s REST interface (Cisco Spark 2015-06). The issue arises from missing authorization checks on certain administrative pages, enabling an unauthenticated, remote attacker to cause a denial of service (resource outage) by accessing an admin page. Cisco’s advisory Ci...