Information disclosure in Cisco Webex_training_center

CVE-2013-6968

Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003.

Vulnerability class: Information Disclosure

EPSS: 0.005 (67.6th percentile) — read the EPSS interpretation.

Affected products

Cisco Webex_training_center
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

1029492 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
100913 (x_refsource_OSVDB, vdb-entry)
20131212 Cisco WebEx Training Center Registered Attendee Email Enumeration Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
cisco-webex-cve20136968-info-disc(89688) (vdb-entry, x_refsource_XF)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)