Cisco Jabber vulnerabilities

31 known vulnerabilities affecting cisco/jabber.

Total CVEs: 31
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 5, MEDIUM 20

Vulnerabilities

Page 2 of 2
CVE-2018-0449 | MEDIUM | CVSS 4.2 | CWE-275 | v12.1(0) | 2019-01-10
A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory permissions set on a JCF created directory. An authentic
nvd
CVE-2018-0201 | MEDIUM | CVSS 5.4 | CWE-79 | v11.9, v11.9(.0) | 2018-02-22
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit this vulnerability by embedding media in instant mess
nvd
CVE-2018-0199 | MEDIUM | CVSS 6.1 | CWE-79 | v11.9, v11.9(0) | 2018-02-22
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page. An attacker could exploit this vulnerability by executing arbitrary JavaScr
nvd
CVE-2017-12356 | MEDIUM | CVSS 6.1 | CWE-79 | v10.5(2), v11.9(1) | 2017-11-30
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input b
nvd
CVE-2017-12358 | MEDIUM | CVSS 5.4 | CWE-79 | v11.9(0) | 2017-11-30
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based manageme
nvd
CVE-2017-12361 | MEDIUM | CVSS 4.0 | CWE-200 | v11.8(0), v11.8(1) +2 more | 2017-11-30
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to the way Cisco Jabber for Windows handles random number generation for file
nvd
CVE-2017-12284 | MEDIUM | CVSS 5.5 | CWE-200 | v11.8(.4) | 2017-10-19
A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input- and validation-checking mechanisms in the system. An attacker could exploit this vulner
nvd
CVE-2017-12286 | MEDIUM | CVSS 5.5 | CWE-20 | v1.9.30 | 2017-10-19
A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in the affected software. An attacker could exploit this vu
nvd
CVE-2015-6409 | MEDIUM | CVSS 5.9 | CWE-200 | v10.6(2) | 2015-12-26
Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419.
nvd
CVE-2015-4218 | MEDIUM | CVSS 5.0 | CWE-200 | v9.6(0), v9.6(1) +8 more | 2015-06-24
The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858.
nvd
CVE-2014-0666 | MEDIUM | CVSS 4.3 | CWE-22 | ≤ 9.2(.1), v9.0 +15 more | 2014-01-16
Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056.
nvd