CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0276
https://notcve.org/view.php?id=CVE-2018-0276
A vulnerability in Cisco WebEx Connect IM could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi07812. • http://www.securityfocus.com/bid/103921 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-webcon • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 26EXPL: 0CVE-2017-17428
https://notcve.org/view.php?id=CVE-2017-17428
Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. Los SDK (software development kit) de Cavium Nitrox SSL, Nitrox V SSL y TurboSSL permiten que atacantes remotos descifren datos TLS cifrados aprovechando un oráculo de relleno RSA Bleichenbacher. Esto también se conoce como ataque ROBOT. • http://www.securityfocus.com/bid/102170 http://www.securitytracker.com/id/1039984 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher https://www.cavium.com/security-advisory-cve-2017-17428.html https://www.kb.cert.org/vuls/id/144389 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0108
https://notcve.org/view.php?id=CVE-2018-0108
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the ability of an attacker to perform an out-of-band XXE injection on the system, which could allow an attacker to capture customer files and redirect them to another destination address. An exploit could allow the attacker to discover sensitive customer data. Cisco Bug IDs: CSCvg36996. • http://www.securityfocus.com/bid/102720 http://www.securitytracker.com/id/1040238 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0111
https://notcve.org/view.php?id=CVE-2018-0111
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by utilizing available resources to study the customer network. An exploit could allow the attacker to discover sensitive data about the application. • http://www.securityfocus.com/bid/102723 http://www.securitytracker.com/id/1040237 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0110
https://notcve.org/view.php?id=CVE-2018-0110
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which would not disable access to specifically configured user accounts, even after access had been disabled in the web application. An attacker could exploit this vulnerability by connecting to the remote support account, even after it had been disabled at the web application level. An exploit could allow the attacker to modify server configuration and gain access to customer data. Cisco Bug IDs: CSCvg46741. • http://www.securityfocus.com/bid/102773 http://www.securitytracker.com/id/1040236 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms2 • CWE-254: 7PK - Security Features CWE-863: Incorrect Authorization •