Cisco Webex Meetings Online vulnerabilities

CVE-2022-20763 [MEDIUM] CWE-502 CVE-2022-20763: A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authent A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by sending malicious login requests to the Cisco Webex Meetin

CVE-2021-1525 [MEDIUM] CWE-601 CVE-2021-1525: A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticat A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. This vulnerability is due to improper validation of URL paths in the application interface. An attacker could exploit this vulnerability by persuading a user to follow a specially crafted URL th

CVE-2021-1517 [MEDIUM] CWE-693 CVE-2021-1517: A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Se A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer feature. An attacker could exploit this vulnerability by sharing a file throug

CVE-2019-15287 [HIGH] CWE-119 CVE-2019-15287: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (

CVE-2019-15283 [HIGH] CWE-119 CVE-2019-15283: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (

CVE-2019-15285 [HIGH] CWE-119 CVE-2019-15285: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (

CVE-2020-3116 [MEDIUM] CWE-20 CVE-2020-3116: A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) fi A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of UCF media files. An attacker could exploit this vulnerability by sending a user a malicious UCF file through a link or email

CVE-2020-3412 [MEDIUM] CWE-284 CVE-2020-3412: A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an aut A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization. The vulnerability is due to insufficient authorization enforcement for the creation of scheduled meeting templates. An attacker c

CVE-2020-3463 [MEDIUM] CWE-79 CVE-2020-3463: A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthe A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based management

CVE-2020-3413 [MEDIUM] CWE-284 CVE-2020-3413: A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an aut A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. The vulnerability is due to insufficient authorization enforcement for requests to delete scheduled meeting templates. An attacker cou

CVE-2020-3472 [MEDIUM] CWE-200 CVE-2020-3472: A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by se

CVE-2020-3194 [HIGH] CWE-119 CVE-2020-3194: A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the

CVE-2020-3128 [HIGH] CWE-20 CVE-2020-3128: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording For

CVE-2020-3127 [HIGH] CWE-20 CVE-2020-3127: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording For

CVE-2020-3142 [HIGH] CWE-284 CVE-2020-3142: A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allo A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeti

CVE-2019-15286 [HIGH] CWE-119 CVE-2019-15286: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (

CVE-2019-15284 [HIGH] CWE-119 CVE-2019-15284: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (

CVE-2019-15987 [MEDIUM] CWE-287 CVE-2019-15987: A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by se

CVE-2019-1924 [HIGH] CWE-119 CVE-2019-1924: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. A

CVE-2019-1925 [HIGH] CWE-119 CVE-2019-1925: Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Web Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. A