CVE-2021-1569

CWE-399 CWE-20 — Improper Input Validation CWE-522 — Insufficiently Protected Credentials CWE-400 — Uncontrolled Resource Consumption5 documents5 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 46.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Jabber Cisco Cisco Jabber

Timeline

PublishedJun 16

Latest updateMay 24

Description

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/jabber12.9 — 12.9.6.55898+1

▶CVEListV5cisco/cisco_jabbern/a

🔴Vulnerability Details

GHSA

GHSA-5g7p-v93f-fjp9: Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access se↗2022-05-24

▶

CVEList

Cisco Jabber Desktop and Mobile Client Software Vulnerabilities↗2021-06-16

▶

GHSA

Node-Redis potential exponential regex in monitor mode↗2021-04-27

▶

📋Vendor Advisories

Cisco

Cisco Jabber Desktop and Mobile Client Software Vulnerabilities↗2021-06-16

▶