CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2015-4262
https://notcve.org/view.php?id=CVE-2015-4262
24 Jul 2015 — The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839. Vulnerabilidad en la funcionalidad password-change en Cisco Unified MeetingPlace Web Conferencing en versiones anteriores a la 8.5(5) MR3 y 8.6 anteriores a la 8.6(2), no comprueba el ID de sesión o exige el ingreso... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mp • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-0614
https://notcve.org/view.php?id=CVE-2009-0614
26 Feb 2009 — Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL. Una vulnerabilidad no especificada en Cisco Unified MeetingPlace Web Conferencing Web 6.0 antes de 6.0(517.0) (alias 6.0 MR4) y 7.0 antes de 7.0 (2) (alias 7.0 MR1) permite a atacantes remotos eludir la autenticación y obtener acceso administrativo... • http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml • CWE-287: Improper Authentication •