Information disclosure in Cisco Webex_meeting_center

CVE-2015-4209

Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for eac…

Vulnerability class: Information Disclosure

EPSS: 0.008 (74.0th percentile) — read the EPSS interpretation.

Affected products

Cisco Webex_meeting_center
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

20150622 Cisco WebEx Meetings Host Calendar Download Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
75351 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
1032705 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)