Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Webex_meetings
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 57 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-02-28 | CVE-2019-1674 | A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user... | Webex_meetings, Webex_meetings_online, Webex_productivity_tools | 8.8 | ||
| 2018-07-18 | CVE-2018-0390 | A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software by using the HTTP POST method. An attacker who can submit malicious scripts to the affected user interface element could... | Webex_meetings | 6.1 | ||
| 2018-06-07 | CVE-2018-0357 | A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the... | Webex_meetings | 6.1 | ||
| 2018-06-07 | CVE-2018-0356 | A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the... | Webex_meetings | 6.1 | ||
| 2018-05-02 | CVE-2018-0264 | A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This... | Webex_business_suite_31, Webex_business_suite_32, Webex_meeting_server, Webex_meetings | 9.6 | ||
| 2018-04-19 | CVE-2018-0112 | A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client. Exploitation of this vulnerability could allow... | Webex_business_suite_31, Webex_business_suite_32, Webex_meetings, Webex_meetings_server | 9.0 | ||
| 2018-01-04 | CVE-2018-0104 | A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects... | Webex_business_suite, Webex_meetings, Webex_meetings_server, Webex_network_recording_player | 9.6 | ||
| 2018-01-04 | CVE-2018-0103 | A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability... | Webex_business_suite, Webex_meetings, Webex_meetings_server, Webex_network_recording_player | 7.8 | ||
| 2017-07-25 | CVE-2017-6753 | A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due... | Webex_event_center, Webex_meeting_center, Webex_meetings, Webex_meetings_server, Webex_meetings_server_2\.0, Webex_meetings_server_2\.0_mr8_patch, Webex_meetings_server_2\.0_mr9_patch, Webex_meetings_server_2\.5, Webex_meetings_server_2\.5_mr2_patch, Webex_meetings_server_2\.5_mr5_patch, Webex_meetings_server_2\.5_mr6_patch, Webex_meetings_server_2\.6, Webex_meetings_server_2\.6_mr1_patch, Webex_meetings_server_2\.6_mr2_patch, Webex_meetings_server_2\.6_mr3_patch, Webex_meetings_server_2\.7, Webex_meetings_server_2\.7_mr1_patch, Webex_meetings_server_2\.7_mr2_patch, Webex_support_center, Webex_training_center | 8.8 | ||
| 2017-11-30 | CVE-2017-12372 | A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted... | Webex_meetings, Webex_meetings_server | 9.6 |