Skip to main content

Webex Meeting Center CVE-2015-4208

HIGH
SQL Injection (CWE-89)
2015-06-24 psirt@cisco.com
7.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Jun 24, 2015 - 10:59 cve.org
HIGH 7.5

DescriptionCVE.org

Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398.

AnalysisAI

Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398. Affected products include: Cisco Webex Meeting Center.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2017-3823 HIGH POC
8.8 Feb 01

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta

CVE-2017-6753 HIGH
8.8 Jul 25

A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated,

CVE-2015-6360 HIGH
7.5 Apr 21

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via

CVE-2016-1410 HIGH
7.5 May 28

Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username

CVE-2017-12359 MEDIUM
6.5 Nov 30

A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could

CVE-2015-4209 MEDIUM
6.4 Jun 23

Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote at

CVE-2017-12366 MEDIUM
6.1 Nov 30

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site sc

CVE-2017-12298 MEDIUM
6.1 Oct 19

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site sc

CVE-2014-3311 MEDIUM
5.1 Jul 10

Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx

CVE-2017-12286 MEDIUM
5.5 Oct 19

A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profi

CVE-2017-3799 MEDIUM
5.4 Jan 26

A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perf

CVE-2019-15987 MEDIUM
5.3 Nov 26

A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center

Share

CVE-2015-4208 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy