19 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2021-1372
Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows are affected by a local information-disclosure vulnerability due to unsafe shared-memory usage. An authenticated, local attacker with access to system memory can exploit this by running a local app that reads shared memory,...
CVE-2020-3361
CVE-2020-3361 affects Cisco Webex Meetings and Webex Meetings Server. Description: an unauthenticated, remote attacker can bypass proper handling of authentication tokens to gain the privileges of another Webex user. The issue arises from improper handling of authentication tokens by vulnerable W...
CVE-2020-3441
Cisco Webex Meetings and Cisco Webex Meetings Server are affected by CVE-2020-3441, a information-disclosure vulnerability caused by insufficient protection of sensitive participant information. An unauthenticated, remote attacker could browse the Webex roster and obtain details such as email and...
CVE-2020-3127
Cisco WebEx Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2020-3127 and related CVEs due to improper validation in ARF/WRF file parsing. The root cause is an uninitialized pointer access during ARF/WRF processing, enabling remote code execution. An attacker can e...
CVE-2020-3128
Cisco Webex Network Recording Player and Cisco Webex Player for Windows are affected by CVE-2020-3128 due to insufficient validation of elements in ARF/WRF Webex recordings. An attacker could deliver a crafted ARF/WRF file via link or email and persuade a user to open it, risking arbitrary code e...
CVE-2020-3471
CVE-2020-3471 affects Cisco Webex Meetings and Cisco Webex Meetings Server. The issue is a synchronization flaw between meeting and media services that can allow an unauthenticated, remote attacker to keep bidirectional audio after the attacker is expelled from a Webex session. Attackers could ex...
CVE-2020-3419
CVE-2020-3419 affects Cisco Webex Meetings and Cisco Webex Meetings Server. The root cause is improper handling of authentication tokens, allowing an unauthenticated, remote attacker to join a Webex meeting without appearing on the participant list. Exploitation requires access to join links and ...
CVE-2019-1773
The CVE-2019-1773 issue affects the Cisco Webex Network Recording Player and the Cisco Webex Player for Windows. The vulnerability arises from improper validation of Advanced Recording Format (ARF) and Webex Recording Format (WRF) files, allowing an attacker to execute arbitrary code when a user ...
CVE-2021-1517
CVE-2021-1517 concerns a vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Webex Meetings Server . The issue arises from unsafe handling of shared content within the multimedia viewer, enabling an authenticated, remote attacker to bypass security protections by sharing a ...
CVE-2020-3194
The CVE-2020-3194 issue affects Cisco Webex Network Recording Player and Cisco Webex Player on Windows. It arises from insufficient validation of elements within a Webex recording stored as ARF/WRF, allowing an unauthenticated attacker to craft a malicious file and coerce a user to open it, there...
CVE-2019-1954
Cisco Webex Meetings Server Open Redirect (CVE-2019-1954) is due to improper input validation of URL parameters in the web-based management interface. An unauthenticated, remote attacker could craft an HTTP request to cause the application to redirect a user to a malicious URL. Cisco’s advisory s...
CVE-2018-0109
CVE-2018-0109 affects Cisco WebEx Meetings Server (CWMS). The vulnerability is an information-disclosure flaw that could allow an authenticated attacker with root privileges to view sensitive data and shared secrets by accessing the root account. Consequences: potential exposure of application de...
CVE-2018-0111
CVE-2018-0111 concerns Cisco WebEx Meetings Server and is described in multiple sources as an information-disclosure vulnerability that could allow an unauthenticated, remote attacker to access sensitive data about the application. The root cause is a design flaw that could expose internal networ...
CVE-2021-1311
CVE-2021-1311 affects Cisco Webex Meetings and Cisco Webex Meetings Server, specifically the reclaim host role feature. The root cause is a lack of protection against brute-forcing of the host key, enabling an authenticated, remote attacker to take over the host role during a meeting. An attacker...
CVE-2021-1525
Cisco Webex Meetings and Webex Meetings Server are affected by CVE-2021-1525, an input-validation flaw in URL paths that allows an unauthenticated, remote attacker to redirect users to a remote (malicious) file. Exploitation requires convincing a user to follow a crafted URL, enabling the attacke...
CVE-2021-1221
The CVE-2021-1221 issue affects Cisco Webex Meetings and Webex Meetings Server UI. It arises from insufficient input validation that lets an authenticated, remote attacker inject a hyperlink into a meeting invitation email by entering a URL into a UI field. A successful exploit could generate an ...
CVE-2018-0108
Cisco WebEx Meetings Server is affected by an XML External Entity (XXE) injection allowing an unauthenticated, remote attacker to perform out-of-band data exfiltration. The vulnerability enables disclosure of customer files and can be leveraged to gather information for reconnaissance, with the a...
CVE-2018-0110
CVE-2018-0110 affects Cisco WebEx Meetings Server. A design flaw prevents disabling access to configured remote support accounts after web-admin action, enabling an authenticated, remote attacker to connect to the remote support account, modify server configuration and gain access to customer dat...