Cisco Webex Meetings Server vulnerabilities

106 known vulnerabilities affecting cisco/webex_meetings_server.

Total CVEs

106

CISA KEV

1

actively exploited

Public exploits

2

Exploited in wild

1

Severity breakdown

CRITICAL8HIGH59MEDIUM38LOW1

Vulnerabilities

Page 6 of 6

CVE-2014-3395MEDIUMCVSS 5.0v2.52014-09-30

CVE-2014-3395 [MEDIUM] CWE-20 CVE-2014-3395: Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary f Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343.

CVE-2014-3302MEDIUMCVSS 5.8≤ 1.5\(.1.131\)v1.5+1 more2014-08-01

CVE-2014-3302 [MEDIUM] CWE-310 CVE-2014-3302: user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the toke user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.

CVE-2014-3305MEDIUMCVSS 6.8≤ 1.5\(.1.131\)v1.5+1 more2014-07-26

CVE-2014-3305 [MEDIUM] CWE-352 CVE-2014-3305: Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735.

CVE-2014-3301MEDIUMCVSS 5.0≤ 1.5\(.1.131\)v1.5+1 more2014-07-26

CVE-2014-3301 [MEDIUM] CWE-200 CVE-2014-3301: The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows re The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700.

CVE-2014-3296MEDIUMCVSS 4.0≤ 1.5\(.1.131\)v1.5\(.1.6\)2014-06-21

CVE-2014-3296 [MEDIUM] CWE-200 CVE-2014-3296: The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527.

CVE-2014-2199MEDIUMCVSS 5.0≤ 1.5\(.1.131\)2014-05-20

CVE-2014-2199 [MEDIUM] CWE-200 CVE-2014-2199: meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a mee

← Previous6 / 6

Cisco Webex Meetings Server vulnerabilities | cvebase