CVSS: 10.0EPSS: 94%CPEs: 398EXPL: 413CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44228
10 Dec 2021 — Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.... • https://packetstorm.news/files/id/171626 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40128 – Cisco Webex Meetings Email Content Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-40128
04 Nov 2021 — A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by sending a crafted HTTP request to the account activation page of Cisco Webex Meetings. A successful exploit could allow the attacker to send to any recipient an acc... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-activation-3sdNFxcy • CWE-183: Permissive List of Allowed Inputs •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34743 – Cisco Webex Software Application Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-34743
21 Oct 2021 — A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation of cross-site request forgery (CSRF) tokens. An attacker could exploit this vulnerability by convincing a targeted user who is currently authenticated to Cisco Webex Software to follow a link designed to pass malicio... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-2FmKd7T • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1544 – Cisco Webex Meetings Client Software Logging Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1544
04 Jun 2021 — A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe logging of application actions. An attacker could exploit this vulnerability by logging onto the local system and accessing files containing the logged details. A successful exploit could allow the attacker to gain access to sensitive information, including meeting data and recorded meeting transcriptions. Una ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-8fpBnKOz • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-1536 – Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1536
04 Jun 2021 — A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-dll-inject-XNmcSGTU • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2021-1525 – Cisco Webex Meetings and Webex Meetings Server File Redirect Vulnerability
https://notcve.org/view.php?id=CVE-2021-1525
04 Jun 2021 — A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. This vulnerability is due to improper validation of URL paths in the application interface. An attacker could exploit this vulnerability by persuading a user to follow a specially crafted URL that is designed to cause Cisco Webex Meetings to include a remote file in the web UI. A successful exploit could allow the attacker to cause the application to ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-redirect-XuZFU3PH • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2021-1517 – Cisco Webex Meetings and Webex Meetings Server Multimedia Sharing Security Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1517
04 Jun 2021 — A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer feature. An attacker could exploit this vulnerability by sharing a file through the multimedia viewer feature. A successful exploit could allow the attacker to bypass security protections and prevent warning dialogs from appearing before... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-multimedia-26DpqVRO • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-1503 – Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-1503
04 Jun 2021 — A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. This vulnerability is due to insufficient validation of values in Webex recording files that are in either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-rCFDeVj2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-1502 – Cisco Webex Network Recording Player and Webex Player Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-1502
04 Jun 2021 — A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. The vulnerability is due to insufficient validation of values within Webex recording files formatted as either Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit the vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-dOJ2jOJ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-1467 – Cisco Webex Meetings for Android Avatar Modification Vulnerability
https://notcve.org/view.php?id=CVE-2021-1467
08 Apr 2021 — A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to the Cisco Webex Meetings client of a targeted user of a meeting in which they are both participants. A successful exploit could allow the attacker to modify the avatar of the targeted user. Una vulnerabilidad en Cisco Webex Meetings para A... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-andro-iac-f3UR8frB • CWE-284: Improper Access Control •