漏洞标题
思科Webex Meetings桌面应用程序信息泄露漏洞
漏洞描述信息
思科Webex Meetings桌面应用程序信息泄露漏洞
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
漏洞类别
N/A
漏洞标题
Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities
漏洞描述信息
Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
漏洞类别
输入验证不恰当
漏洞标题
Cisco Webex Meetings Desktop App 输入验证错误漏洞
漏洞描述信息
Cisco Webex Meetings Desktop App是美国思科(Cisco)公司的一款使用在桌面环境上的视频会议控制应用程序。 Cisco Webex Meetings Desktop App 39.5.24之前版本、40.4.6之前版本和40.6之前版本中的用户界面存在输入验证错误漏洞,该漏洞源于程序没有对由网站返回到该应用程序的值进行正确的输入验证。远程攻击者可通过诱使用户访问链接利用该漏洞获取被限制的信息。
CVSS信息
N/A
漏洞类别
输入验证错误