9 matches found
CVE-2022-20863
Cisco Webex App (formerly Webex Teams) contains a vulnerability in its messaging interface that could allow an unauthenticated, remote attacker to manipulate displayed links or content by exploiting improper handling of character rendering. The issue arises when messages are processed in the inte...
CVE-2020-3541
CVE-2020-3541 affects Cisco Webex on Windows (Webex Meetings Client/Desktop App/Teams). The root cause is unsafe logging of authentication requests, allowing an authenticated, local attacker to read log files in the application directory and access sensitive information. Impact is information dis...
CVE-2021-1242
CVE-2021-1242 affects Cisco Webex Teams (Webex/Jabber client) where the shared-file name display can be manipulated due to improper character rendering. An unauthenticated, remote attacker could share a file to alter how the file name appears in the messaging interface, enabling phishing or spoof...
CVE-2019-1689
Cisco Webex Teams for iOS has a vulnerability in the iOS client app’s input validation that could allow an authenticated, remote attacker to upload arbitrary files within the app’s scope. An attacker could lure a targeted user into opening a malicious file, potentially overwriting sensitive appli...
CVE-2019-1939
Cisco Webex Teams for Windows is affected by a command-execution vulnerability arising from improper restrictions on the software’s logging features. An unauthenticated, remote attacker can lure a target user to visit a crafted website, enabling the attacker to modify files and run arbitrary comm...
CVE-2019-16001
Cisco Webex Teams for Windows is affected by CVE-2019-16001: a DLL hijacking vulnerability due to insufficient validation of resources loaded at run time. An authenticated, local attacker can craft a malicious DLL and place it in a specific location; the DLL executes when the vulnerable app launc...
CVE-2020-3155
CVE-2020-3155 is a Cisco Intelligent Proximity SSL certificate validation vulnerability. The issue stems from a lack of validation of the SSL server certificate when establishing connections to Cisco Webex video devices or Cisco collaboration endpoints. An unauthenticated, remote attacker could p...
CVE-2018-0436
CVE-2018-0436 concerns Cisco Webex Teams (formerly Cisco Spark). The issue arises from insufficient checks for associations between user accounts and organization accounts, enabling an authenticated, remote attacker with administrator or compliance officer privileges for one organization to view ...
CVE-2020-26067
CVE-2020-26067 concerns Cisco Webex Teams web interface. Affected component: web-based interface; issue arises from improper validation of usernames. An authenticated, remote attacker can create an account containing malicious HTML/script and join a space with that name, enabling cross-site scrip...