Cisco Webex Meetings Server vulnerabilities

CVE-2014-3395 [MEDIUM] CWE-20 CVE-2014-3395: Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary f Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343.

CVE-2014-3302 [MEDIUM] CWE-310 CVE-2014-3302: user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the toke user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.

CVE-2014-3305 [MEDIUM] CWE-352 CVE-2014-3305: Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735.

CVE-2014-3301 [MEDIUM] CWE-200 CVE-2014-3301: The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows re The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700.

CVE-2014-3296 [MEDIUM] CWE-200 CVE-2014-3296: The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527.

CVE-2014-2199 [MEDIUM] CWE-200 CVE-2014-2199: meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a mee

CVE-2018-0110 Cisco WebEx Meetings Server Remote Account Disabling Vulnerability CVE-2018-0110: Cisco WebEx Meetings Server Remote Account Disabling Vulnerability A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which would not disable access to specifically configured user accounts, eve

CVE-2018-0109 Cisco WebEx Meetings Server Information Disclosure Vulnerability CVE-2018-0109: Cisco WebEx Meetings Server Information Disclosure Vulnerability A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server that could all

CVE-2017-12257 Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability CVE-2017-12257: Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the aff

CVE-2018-0108 Cisco WebEx Meetings Server Information Disclosure Vulnerability CVE-2018-0108: Cisco WebEx Meetings Server Information Disclosure Vulnerability A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the ability of an attacke

CVE-2018-0111 Cisco WebEx Meetings Server Information Disclosure Vulnerability CVE-2018-0111: Cisco WebEx Meetings Server Information Disclosure Vulnerability A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which could i

CVE-2017-12294 Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability CVE-2017-12294: Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit thi

CVE-2017-12295 Cisco WebEx Meetings Server Information Disclosure Vulnerability CVE-2017-12295: Cisco WebEx Meetings Server Information Disclosure Vulnerability A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the HTTP header reply from the Cisco WebEx Meetings Serve