What is CVE-2020-3498?

CVE-2020-3498 is a medium-severity vulnerability in Cisco Jabber, classified under Information Disclosure. CVSS score: 6.5/10. Published 2020-09-04.

How severe is CVE-2020-3498?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2020-3498 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Cisco Jabber

CVE-2020-3498

A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerabili…

Vulnerability class: Information Disclosure

EPSS: 0.003 (54.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Cisco Jabber — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

404notf0und/CVE-Flow

References

20200902 Cisco Jabber for Windows Information Disclosure Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2020-3498?: CVE-2020-3498 is a medium-severity vulnerability in Cisco Jabber, classified under Information Disclosure. CVSS score: 6.5/10. Published 2020-09-04.
How severe is CVE-2020-3498?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2020-3498 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.