CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3412 – Cisco Webex Meetings Scheduled Meeting Template Creation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3412
A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization. The vulnerability is due to insufficient authorization enforcement for the creation of scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to create a scheduled meeting template. A successful exploit could allow the attacker to create a scheduled meeting template that would belong to a user other than themselves. Una vulnerabilidad en la funcionalidad scheduled meeting template de Cisco Webex Meetings podría permitir a un atacante remoto autenticado crear una plantilla de reunión programada que podría pertenecer a otro usuario de su organización. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-smtcreate-YmuD5Sk • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3413 – Cisco Webex Meetings Scheduled Meeting Template Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2020-3413
A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. The vulnerability is due to insufficient authorization enforcement for requests to delete scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to delete a scheduled meeting template. A successful exploit could allow the attacker to delete a scheduled meeting template that belongs to a user other than themselves. Una vulnerabilidad en la funcionalidad scheduled meeting template de Cisco Webex Meetings podría permitir a un atacante remoto autenticado eliminar una plantilla de reunión programada que pertenece a otro usuario de su organización. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-smtdelete-gJDurOgR • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3463 – Cisco Webex Meetings Reflected Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2020-3463
A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Una vulnerabilidad en la interfaz de administración basada en web de Cisco Webex Meetings podría permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz de administración basada en web del servicio afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-mttngs-xss-3VbdxDuF • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3472 – Cisco Webex Meetings User Email Address Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3472
A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex Meetings site. A successful exploit could allow the attacker to view the details of users on another Webex site, including user names and email addresses. Una vulnerabilidad en la funcionalidad contacts de Cisco Webex Meetings podría permitir a un atacante remoto autenticado con una cuenta de usuario legítima acceder a información confidencial. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-mAkmV4qc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 4.1EPSS: 0%CPEs: 11EXPL: 0CVE-2020-3501 – Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities
https://notcve.org/view.php?id=CVE-2020-3501
Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users. Múltiples vulnerabilidades en la interfaz de usuario de Cisco Webex Meetings Desktop App podrían permitir a un atacante remoto autenticado obtener información restringida de otros usuarios de Webex. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-g3zevBcp • CWE-20: Improper Input Validation •