U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 20 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-15987

A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user.

Published: November 25, 2019; 11:15:11 PM -0500
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2017-12298

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78615, CSCvf78628.

Published: October 19, 2017; 4:29:00 AM -0400
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1410

Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.

Published: May 27, 2016; 9:59:01 PM -0400
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-4212

Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by discovering credentials, aka Bug ID CSCut17466.

Published: June 24, 2015; 6:59:08 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-4208

Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398.

Published: June 24, 2015; 6:59:05 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-4210

Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806.

Published: June 23, 2015; 10:59:05 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-4209

Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913.

Published: June 23, 2015; 10:59:04 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2015-4207

Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147.

Published: June 23, 2015; 10:59:03 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-4194

The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861.

Published: June 18, 2015; 9:59:01 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0590

Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action, aka Bug ID CSCuo34165.

Published: January 17, 2015; 6:59:05 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0583

Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281.

Published: January 14, 2015; 2:59:04 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-3311

Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.

Published: July 10, 2014; 7:06:27 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2014-3310

The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

Published: July 10, 2014; 7:06:27 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-2199

meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738.

Published: May 20, 2014; 7:13:37 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-0708

WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser's history, aka Bug ID CSCul98272.

Published: March 20, 2014; 9:04:02 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-6970

Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928.

Published: December 14, 2013; 5:55:14 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-6964

Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197.

Published: December 14, 2013; 5:55:14 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2013-6962

Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228.

Published: December 14, 2013; 5:55:14 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-6961

Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237.

Published: December 14, 2013; 5:55:14 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-6960

Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248.

Published: December 14, 2013; 5:55:14 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM