CVE-2016-1389 — Improper Input Validation in Cisco Webex Meetings Server

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.4HIGHNVD

EPSS

0.2%

top 54.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Meetings Server

Timeline

PublishedApr 28

Latest updateMay 17

Description

Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages1 packages

▶NVDcisco/webex_meetings_server2.6.0

🔴Vulnerability Details

GHSA

GHSA-h3rw-6j23-h8mc: Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2↗2022-05-17

▶

CVEList

CVE-2016-1389: Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2↗2016-04-28

▶

📋Vendor Advisories

Cisco

Cisco WebEx Meetings Server Open Redirect Vulnerability↗2016-04-28

▶