CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15987 – Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-15987
26 Nov 2019 — A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the u... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 16%CPEs: 63EXPL: 0CVE-2017-6753
https://notcve.org/view.php?id=CVE-2017-6753
25 Jul 2017 — A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defec... • http://www.securityfocus.com/bid/99614 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2014-2199
https://notcve.org/view.php?id=CVE-2014-2199
20 May 2014 — meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738. meetinginfo.do en Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Ce... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6966
https://notcve.org/view.php?id=CVE-2013-6966
17 Dec 2013 — Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031. Vulnerabilidad de redirección abierta en Cisco WebEx Training Center que permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados, también conocido como Bug ID CSCul36031. • http://osvdb.org/100909 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6965
https://notcve.org/view.php?id=CVE-2013-6965
14 Dec 2013 — The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183. El componente de registro en Cisco WebEx Training Center proporciona la URL de sesión antes de que se complete la confirmación por e-mail, lo que permite a atacantes remotos evitar las restricciones de acceso prev... • http://osvdb.org/100911 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6709
https://notcve.org/view.php?id=CVE-2013-6709
14 Dec 2013 — The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul57111. El componente de registro en Cisco WebEx Training Center proporciona la URL de capacitación de sesión antes de que se complete el pago, que permite a atacantes remotos evitar las restricciones de acceso previstos y unirse a u... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6709 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6971
https://notcve.org/view.php?id=CVE-2013-6971
14 Dec 2013 — Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140. Vulnerabilidad de redirección abierta en Cisco WebEx Training Center permite a atacantes remotos redirigir a usuarios hacia sitios web arbitrarios o llevar a cabo ataques de phishing a través de vectores no especificados, también conocido como Bug ID CSCul57140. • http://osvdb.org/100910 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6969
https://notcve.org/view.php?id=CVE-2013-6969
14 Dec 2013 — The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990. La página training-registration en Cisco WebEx Training Center permite a atacantes remotos modificar campos no especificados a través de vectores desconocidos, también conocido como Bug ID CSCul35990. • http://osvdb.org/101003 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6972
https://notcve.org/view.php?id=CVE-2013-6972
14 Dec 2013 — Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126. Cisco WebEx Training Center permite a atacantes remotos descubrir números de sesión, y evadir la aprobación de host para asistencias de audio-conference, mediante la lectura de código fuente HTML, también conocido como Bug ID CSCul57126. • http://osvdb.org/100914 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6710
https://notcve.org/view.php?id=CVE-2013-6710
14 Dec 2013 — Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Training Center allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCul25567. Vulnerabilidad Cross-site requets forgery (CSRF) en Cisco WeBeX Training Center permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores desconocidos, tambien conocido como Bug ID CSCul25567. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6710 • CWE-352: Cross-Site Request Forgery (CSRF) •