CVE-2021-34743

CWE-352Cross-Site Request Forgery (CSRF)4 documents4 sources
Severity
7.1HIGH
EPSS
0.2%
top 54.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Cisco Webex Meetings
Timeline
PublishedOct 21
Latest updateMay 24

Description

A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation of cross-site request forgery (CSRF) tokens. An attacker could exploit this vulnerability by convincing a targeted user who is currently authenticated to Cisco Webex Software to follow a link designed to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-xggx-cjmv-qpq3: A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an externa2022-05-24
CVEList
Cisco Webex Software Application Authorization Bypass Vulnerability2021-10-21

📋Vendor Advisories

1
Cisco
Cisco Webex Software Application Authorization Bypass Vulnerability2021-10-20
CVE-2021-34743 (HIGH CVSS 7.1) | A vulnerability in the application | cvebase.io