Cisco Webex Event Center vulnerabilities

5 known vulnerabilities affecting cisco/cisco_webex_event_center.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2020-3116MEDIUMCVSS 5.5vn/a2020-09-23
CVE-2020-3116 [MEDIUM] CWE-20 CVE-2020-3116: A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) fi A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of UCF media files. An attacker could exploit this vulnerability by sending a user a malicious UCF file through a link or email
cvelistv5nvd
CVE-2019-15987MEDIUMCVSS 5.3≥ unspecified, < n/a2019-11-26
CVE-2019-15987 [MEDIUM] CWE-287 CVE-2019-15987: A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by se
cvelistv5nvd
CVE-2018-15442HIGHCVSS 7.8PoCv33.5.02018-10-24
CVE-2018-15442 [HIGH] CWE-78 CVE-2018-15442: A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a
cvelistv5nvd
CVE-2018-15436MEDIUMCVSS 6.1vn/a2018-10-05
CVE-2018-15436 [MEDIUM] CWE-79 CVE-2018-15436: A vulnerability in the web-based management interface of Cisco Webex Events Center, Cisco Webex Meet A vulnerability in the web-based management interface of Cisco Webex Events Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vul
cvelistv5nvd
CVE-2017-12365MEDIUMCVSS 4.3vCisco WebEx Event Center2017-11-30
CVE-2017-12365 [MEDIUM] CWE-200 CVE-2017-12365: A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view scheduled meetings. A successful query would show both listed and unliste
cvelistv5