Spark Security Vulnerabilities and Issues — Spark CVE List

Lucene search

CiscoSpark

5 matches found

CVE•added 2017/10/05 7:29 a.m.•51 views

CVE-2017-12269

A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web UI of the affected software. An attacker could exploit this vulne...

5.4CVSS5.2AI score0.00363EPSS

CVE•added 2016/02/12 1:59 a.m.•39 views

CVE-2016-1322

The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584.

7.5CVSS7.5AI score0.00383EPSS

CVE•added 2016/02/12 1:59 a.m.•33 views

CVE-2016-1323

The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048.

4.3CVSS4.1AI score0.00172EPSS

CVE•added 2015/09/24 2:59 p.m.•31 views

CVE-2015-6303

The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCut36742 and CSCut36844.

4.3CVSS6.1AI score0.00141EPSS

CVE•added 2016/02/12 1:59 a.m.•30 views

CVE-2016-1324

The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125.

5.3CVSS5.3AI score0.00484EPSS