CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15987 – Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-15987
A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user. Una vulnerabilidad en la interfaz web de Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center y Cisco Webex Training Center, podría permitir a un atacante remoto no autenticado adivinar los nombres de usuario de las cuentas. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-webex-centers-infodis • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 3%CPEs: 63EXPL: 0CVE-2017-6753
https://notcve.org/view.php?id=CVE-2017-6753
A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. • http://www.securityfocus.com/bid/99614 http://www.securitytracker.com/id/1038909 http://www.securitytracker.com/id/1038910 http://www.securitytracker.com/id/1038911 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2014-2199
https://notcve.org/view.php?id=CVE-2014-2199
meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738. meetinginfo.do en Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) y anteriores y WebEx Business Suite (WBS) 27 anterior a 27.32.31.16, 28 anterior a 28.12.13.18 y 29 anterior a 29.5.1.12 permite a atacantes remotos obtener información sensible de reuniones mediante el aprovechamiento de conocimiento de un identificador de reunión, también conocido como Bug IDs CSCuo68624 y CSCue46738. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199 http://tools.cisco.com/security/center/viewAlert.x?alertId=34252 http://www.securitytracker.com/id/1030251 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6966
https://notcve.org/view.php?id=CVE-2013-6966
Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031. Vulnerabilidad de redirección abierta en Cisco WebEx Training Center que permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados, también conocido como Bug ID CSCul36031. • http://osvdb.org/100909 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6966 http://tools.cisco.com/security/center/viewAlert.x?alertId=32149 http://www.securitytracker.com/id/1029492 https://exchange.xforce.ibmcloud.com/vulnerabilities/89686 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6965
https://notcve.org/view.php?id=CVE-2013-6965
The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183. El componente de registro en Cisco WebEx Training Center proporciona la URL de sesión antes de que se complete la confirmación por e-mail, lo que permite a atacantes remotos evitar las restricciones de acceso previstos y unirse a una conferencia de audio mediante la introducción de campos de credenciales de esta URL, también conocido como Bug ID CSCul36183. • http://osvdb.org/100911 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6965 http://tools.cisco.com/security/center/viewAlert.x?alertId=32157 http://www.securityfocus.com/bid/64281 http://www.securitytracker.com/id/1029492 https://exchange.xforce.ibmcloud.com/vulnerabilities/89691 • CWE-264: Permissions, Privileges, and Access Controls •