Information disclosure in Cisco Jabber

CVE-2015-4218

The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858.

Vulnerability class: Information Disclosure

EPSS: 0.004 (62.8th percentile) — read the EPSS interpretation.

Affected products

Cisco Jabber — versions 9.6\(0\), 9.6\(1\), 9.6\(2\)
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

20150623 Cisco Jabber for Windows Web-Based User Interface Information Disclosure Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1032711 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
75377 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)