Sign-up

ID

VAR-201506-0296


CVE

CVE-2015-4208


TITLE

Cisco WebEx Meeting Center Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2015-003266

DESCRIPTION

Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398. Cisco WebEx Meeting Center is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug Id CSCup88398. The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more

Trust: 1.98

sources: NVD: CVE-2015-4208 // JVNDB: JVNDB-2015-003266 // BID: 75361 // VULHUB: VHN-82169

AFFECTED PRODUCTS

vendor:ciscomodel:webex meeting centerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:webex meeting centerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex meeting centerscope:eqversion:0

Trust: 0.3

sources: BID: 75361 // JVNDB: JVNDB-2015-003266 // CNNVD: CNNVD-201506-484 // NVD: CVE-2015-4208

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4208
value: HIGH

Trust: 1.0

NVD: CVE-2015-4208
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201506-484
value: HIGH

Trust: 0.6

VULHUB: VHN-82169
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-4208
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82169
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82169 // JVNDB: JVNDB-2015-003266 // CNNVD: CNNVD-201506-484 // NVD: CVE-2015-4208

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-82169 // JVNDB: JVNDB-2015-003266 // NVD: CVE-2015-4208

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-484

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201506-484

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003266

PATCH
title:39458url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39458
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003266

EXTERNAL IDS
db:NVDid:CVE-2015-4208
Trust: 2.8
db:BIDid:75361
Trust: 1.4
db:SECTRACKid:1032705
Trust: 1.1
db:JVNDBid:JVNDB-2015-003266
Trust: 0.8
db:CNNVDid:CNNVD-201506-484
Trust: 0.6
db:VULHUBid:VHN-82169
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82169 // 
            
            
            
            BID: 75361 // 
            
            
            
            JVNDB: JVNDB-2015-003266 // 
            
            
            
            CNNVD: CNNVD-201506-484 // 
            
            
            
            NVD: CVE-2015-4208

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39458
Trust: 2.0
url:http://www.securityfocus.com/bid/75361
Trust: 1.1
url:http://www.securitytracker.com/id/1032705
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4208
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4208
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://meetmenow.webex.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82169 // 
            
            
            
            BID: 75361 // 
            
            
            
            JVNDB: JVNDB-2015-003266 // 
            
            
            
            CNNVD: CNNVD-201506-484 // 
            
            
            
            NVD: CVE-2015-4208

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75361

SOURCES
db:VULHUBid:VHN-82169
db:BIDid:75361
db:JVNDBid:JVNDB-2015-003266
db:CNNVDid:CNNVD-201506-484
db:NVDid:CVE-2015-4208

LAST UPDATE DATE
2024-11-23T22:01:44.875000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82169date:2016-12-28T00:00:00
db:BIDid:75361date:2015-06-23T00:00:00
db:JVNDBid:JVNDB-2015-003266date:2015-06-25T00:00:00
db:CNNVDid:CNNVD-201506-484date:2015-06-26T00:00:00
db:NVDid:CVE-2015-4208date:2024-11-21T02:30:38.163

SOURCES RELEASE DATE
db:VULHUBid:VHN-82169date:2015-06-24T00:00:00
db:BIDid:75361date:2015-06-23T00:00:00
db:JVNDBid:JVNDB-2015-003266date:2015-06-25T00:00:00
db:CNNVDid:CNNVD-201506-484date:2015-06-25T00:00:00
db:NVDid:CVE-2015-4208date:2015-06-24T10:59:05.930