Information disclosure in Cisco Webex_training_center

CVE-2013-6709

The registration component in Cisco WebEx Training Center provides the training-session URL before payment is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credenti…

Vulnerability class: Information Disclosure

EPSS: 0.003 (50.4th percentile) — read the EPSS interpretation.

Affected products

Cisco Webex_training_center
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

1029492 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
20131212 Cisco Webex Training Center Session Password and Access Code Disclosure Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)