Skip to main content

Webex Meetings Server

132 CVEs product

Monthly

CVE-2016-1450 HIGH This Week

Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Code Injection Webex Meetings Server
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-1449 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings Server
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-1447 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings Server
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-1446 HIGH This Week

SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Webex Meetings Server
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-1389 HIGH This Week

Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Webex Meetings Server
NVD
CVSS 3.0
7.4
EPSS
0.2%
CVE-2016-1309 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings Server
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-4281 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Webex Meetings Server
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-4276 MEDIUM This Month

Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE Webex Meetings Server
NVD
CVSS 2.0
6.5
EPSS
1.2%
CVE-2015-0634 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the administrative interface in Cisco WebEx Meetings Server 2.5 and 2.5.0.997 allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Webex Meetings Server
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-0668 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Webex Meetings Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0589 CRITICAL Act Now

The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
9.0
EPSS
0.7%
CVE-2015-0597 MEDIUM This Month

The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-0596 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Webex Meetings Server
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-0595 MEDIUM This Month

The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-8034 MEDIUM This Month

Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-8036 MEDIUM This Month

The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-8035 MEDIUM This Month

The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-8033 MEDIUM This Month

The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-8032 MEDIUM This Month

The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-8031 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Webex Meetings Server
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-8030 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Webex Meetings Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3400 MEDIUM This Month

Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-3395 MEDIUM This Month

Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3302 MEDIUM This Month

user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Cisco PHP Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2014-3304 MEDIUM This Month

The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3303 MEDIUM This Month

The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-3305 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Webex Meetings Server
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-3301 MEDIUM This Month

The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-3311 MEDIUM This Month

Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Buffer Overflow RCE Webex Meeting Center Webex Meetings Server
NVD
CVSS 2.0
5.1
EPSS
3.1%
CVE-2014-3310 MEDIUM This Month

The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Webex Meeting Center Webex Meetings Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3296 MEDIUM This Month

The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-3294 MEDIUM This Month

Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Webex Meetings Server
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-3286 MEDIUM This Month

The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Webex Meetings Server
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-2199 MEDIUM This Month

meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Business Suite Webex Event Center Webex Meeting Center +3
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-2186 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Webex Meetings Server
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-0682 MEDIUM This Month

Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Cisco Webex Meetings Server
NVD
CVSS 2.0
4.9
EPSS
0.8%
CVE-2013-6687 MEDIUM This Month

The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-5529 MEDIUM This Month

The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Webex Meetings Server
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2013-3448 MEDIUM This Month

Cisco WebEx Meetings Server does not check whether a user account is active, which allows remote authenticated users to bypass intended access restrictions by performing meeting operations after. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Webex Meetings Server
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-1205 MEDIUM This Month

The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Server
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-1232 MEDIUM This Month

The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Webex Meetings Server Webex Node For Asr 1000 Series Webex Node For Mcs
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-1231 MEDIUM This Month

The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Webex Meetings Server Webex Node For Mcs
NVD
CVSS 2.0
5.0
EPSS
0.2%
EPSS 1% CVSS 7.5
HIGH This Week

Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Code Injection Webex Meetings Server
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings Server
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings Server
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Webex Meetings Server
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Webex Meetings Server
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings Server
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Webex Meetings Server
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE Webex Meetings Server
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the administrative interface in Cisco WebEx Meetings Server 2.5 and 2.5.0.997 allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Webex Meetings Server
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Webex Meetings Server
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Webex Meetings Server
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge for each login attempt, which makes it easier for remote attackers to obtain access via a brute-force approach of guessing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Server
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Server
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Webex Meetings Server
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Webex Meetings Server
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive information by reading logs, aka Bug IDs CSCuq36417 and CSCuq40344. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Cisco PHP Information Disclosure +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Webex Meetings Server
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
EPSS 3% CVSS 5.1
MEDIUM This Month

Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Information Disclosure Webex Meeting Center +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Server
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Webex Meetings Server
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Webex Meetings Server
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Business Suite +5
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Webex Meetings Server
NVD VulDB
EPSS 1% CVSS 4.9
MEDIUM This Month

Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Cisco Webex Meetings Server
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Server
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The deployment module in the server in Cisco WebEx Meeting Center does not properly validate the passphrase, which allows remote attackers to launch a deployment or cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Webex Meetings Server
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Cisco WebEx Meetings Server does not check whether a user account is active, which allows remote authenticated users to bypass intended access restrictions by performing meeting operations after. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Webex Meetings Server
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Server
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Server, and WebEx Node for ASR 1000 Series allows remote attackers to read the contents of uninitialized memory locations via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Webex Meetings Server +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Webex Meetings Server +1
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy