Sign-up

ID

VAR-201501-0337


CVE

CVE-2014-8036


TITLE

Cisco WebEx Meetings Server of outlookpa Component meeting invitation list change vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-007562

DESCRIPTION

The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which allows remote attackers to modify a meeting's invite list via a crafted URL, aka Bug ID CSCuj40254. Vendors have confirmed this vulnerability Bug ID CSCuj40254 It is released as.Skillfully crafted by a third party URL The meeting invitation list may be changed through. Cisco WebEx Meetings Server is prone to a security vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCuj40254. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. There is a security vulnerability in the outlookpa component of CWMS, which is caused by the program not properly validating API input

Trust: 1.98

sources: NVD: CVE-2014-8036 // JVNDB: JVNDB-2014-007562 // BID: 71982 // VULHUB: VHN-75981

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meetings serverscope:eqversion:0

Trust: 0.3

sources: BID: 71982 // JVNDB: JVNDB-2014-007562 // CNNVD: CNNVD-201501-200 // NVD: CVE-2014-8036

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8036
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8036
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201501-200
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75981
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8036
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75981
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75981 // JVNDB: JVNDB-2014-007562 // CNNVD: CNNVD-201501-200 // NVD: CVE-2014-8036

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-75981 // JVNDB: JVNDB-2014-007562 // NVD: CVE-2014-8036

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-200

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201501-200

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007562

PATCH
title:Cisco WebEx Meetings Server Unauthorized Invite List Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8036
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-007562

EXTERNAL IDS
db:NVDid:CVE-2014-8036
Trust: 2.8
db:BIDid:71982
Trust: 1.4
db:SECUNIAid:60330
Trust: 1.1
db:JVNDBid:JVNDB-2014-007562
Trust: 0.8
db:CNNVDid:CNNVD-201501-200
Trust: 0.7
db:VULHUBid:VHN-75981
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75981 // 
            
            
            
            BID: 71982 // 
            
            
            
            JVNDB: JVNDB-2014-007562 // 
            
            
            
            CNNVD: CNNVD-201501-200 // 
            
            
            
            NVD: CVE-2014-8036

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8036
Trust: 2.0
url:http://www.securityfocus.com/bid/71982
Trust: 1.1
url:http://secunia.com/advisories/60330
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100571
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8036
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8036
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-75981 // 
            
            
            
            BID: 71982 // 
            
            
            
            JVNDB: JVNDB-2014-007562 // 
            
            
            
            CNNVD: CNNVD-201501-200 // 
            
            
            
            NVD: CVE-2014-8036

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 71982

SOURCES
db:VULHUBid:VHN-75981
db:BIDid:71982
db:JVNDBid:JVNDB-2014-007562
db:CNNVDid:CNNVD-201501-200
db:NVDid:CVE-2014-8036

LAST UPDATE DATE
2024-11-23T22:31:11.261000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-75981date:2017-09-08T00:00:00
db:BIDid:71982date:2015-01-09T00:00:00
db:JVNDBid:JVNDB-2014-007562date:2015-01-13T00:00:00
db:CNNVDid:CNNVD-201501-200date:2015-01-14T00:00:00
db:NVDid:CVE-2014-8036date:2024-11-21T02:18:28.227

SOURCES RELEASE DATE
db:VULHUBid:VHN-75981date:2015-01-10T00:00:00
db:BIDid:71982date:2015-01-09T00:00:00
db:JVNDBid:JVNDB-2014-007562date:2015-01-13T00:00:00
db:CNNVDid:CNNVD-201501-200date:2015-01-12T00:00:00
db:NVDid:CVE-2014-8036date:2015-01-10T02:59:30.977