Webex Meetings Server Security Vulnerabilities and Issues — Webex Meetings Server CVE List

Lucene search

CiscoWebex Meetings Server

18 matches found

CVE•added 2020/07/16 6:15 p.m.•516 views

CVE-2020-3345

A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could exp...

4.3CVSS4.5AI score0.00535EPSS

CVE•added 2018/01/18 6:29 a.m.•55 views

CVE-2018-0109

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in ...

4CVSS3.7AI score0.00247EPSS

CVE•added 2014/07/28 5:55 p.m.•50 views

CVE-2014-3303

The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713.

4CVSS6.4AI score0.00384EPSS

CVE•added 2014/06/10 11:19 a.m.•44 views

CVE-2014-3294

Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81691.

4CVSS6AI score0.00279EPSS

CVE•added 2013/08/02 12:10 p.m.•43 views

CVE-2013-3448

Cisco WebEx Meetings Server does not check whether a user account is active, which allows remote authenticated users to bypass intended access restrictions by performing meeting operations after account deactivation, aka Bug ID CSCuh33315.

4CVSS6.4AI score0.00256EPSS

CVE•added 2021/02/04 5:15 p.m.•43 views

CVE-2021-1221

A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulne...

4.1CVSS4.3AI score0.00353EPSS

CVE•added 2014/01/29 6:34 p.m.•42 views

CVE-2014-0682

Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL, aka Bug ID CSCuj42346.

4.9CVSS6.5AI score0.00814EPSS

CVE•added 2015/03/20 1:59 a.m.•42 views

CVE-2015-0668

Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737.

4.3CVSS5.9AI score0.00263EPSS

CVE•added 2013/06/06 1:2 p.m.•41 views

CVE-2013-1205

The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords via crafted URLs, aka Bug ID CSCue62485.

4.3CVSS7.1AI score0.0031EPSS

CVE•added 2014/06/21 3:55 p.m.•41 views

CVE-2014-3296

The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527.

4CVSS5.9AI score0.00277EPSS

CVE•added 2020/08/17 6:15 p.m.•39 views

CVE-2020-3501

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web s...

4.1CVSS4.5AI score0.00169EPSS

CVE•added 2014/07/10 11:6 a.m.•38 views

CVE-2014-3310

The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

4.3CVSS6.8AI score0.00294EPSS

CVE•added 2014/10/05 1:55 a.m.•37 views

CVE-2014-3400

Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344.

4CVSS6AI score0.00162EPSS

CVE•added 2015/01/09 2:59 a.m.•37 views

CVE-2014-8030

Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381.

4.3CVSS5.9AI score0.00329EPSS

CVE•added 2015/01/09 2:59 a.m.•37 views

CVE-2014-8032

The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449.

4CVSS6AI score0.00207EPSS

CVE•added 2015/05/15 1:59 a.m.•36 views

CVE-2015-0634

Cross-site scripting (XSS) vulnerability in the administrative interface in Cisco WebEx Meetings Server 2.5 and 2.5.0.997 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuq86310.

4.3CVSS5.8AI score0.00416EPSS

CVE•added 2020/08/17 6:15 p.m.•36 views

CVE-2020-3502

4.1CVSS4.5AI score0.00169EPSS

CVE•added 2014/01/16 7:55 p.m.•35 views

CVE-2013-6687

The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876.

4CVSS6.5AI score0.00162EPSS