fkie_cve-2015-4218
Vulnerability from fkie_nvd
Published
2015-06-24 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858.
References
psirt@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=39494Vendor Advisory
psirt@cisco.comhttp://www.securityfocus.com/bid/75377Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.securitytracker.com/id/1032711Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=39494Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/75377Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032711Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
cisco jabber 9.6\(0\)
cisco jabber 9.6\(1\)
cisco jabber 9.6\(2\)
cisco jabber 9.6\(3\)
cisco jabber 9.7\(0\)
cisco jabber 9.7\(1\)
cisco jabber 9.7\(2\)
cisco jabber 9.7\(3\)
cisco jabber 9.7\(4\)
cisco jabber 9.7\(5\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:jabber:9.6\\(0\\):*:*:*:*:windows:*:*",
              "matchCriteriaId": "46AFE274-98F7-4EAC-B5BC-7E2E37AE06AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber:9.6\\(1\\):*:*:*:*:windows:*:*",
              "matchCriteriaId": "775A873A-D368-471F-991C-915D787847BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber:9.6\\(2\\):*:*:*:*:windows:*:*",
              "matchCriteriaId": "822DC885-020C-46D3-8E39-A76420E36DC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber:9.6\\(3\\):*:*:*:*:windows:*:*",
              "matchCriteriaId": "82C41667-D1C8-4C5B-822A-1D5AFBA6ECE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber:9.7\\(0\\):*:*:*:*:windows:*:*",
              "matchCriteriaId": "01D71E7C-F3B7-49C7-8CE6-4FA9C6B8F4B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber:9.7\\(1\\):*:*:*:*:windows:*:*",
              "matchCriteriaId": "C5A9C5C8-D379-454D-BAD9-E254D83285F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber:9.7\\(2\\):*:*:*:*:windows:*:*",
              "matchCriteriaId": "65635A3B-0471-4115-8C6D-6609AD0D3FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber:9.7\\(3\\):*:*:*:*:windows:*:*",
              "matchCriteriaId": "A175FC00-EFFF-47EF-B6AF-CC7A504D861D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber:9.7\\(4\\):*:*:*:*:windows:*:*",
              "matchCriteriaId": "A3D81AD5-AF7D-4D02-951A-20CBC4735A2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber:9.7\\(5\\):*:*:*:*:windows:*:*",
              "matchCriteriaId": "76203F9C-F114-4DFE-BDC9-91F021EDE58E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858."
    },
    {
      "lang": "es",
      "value": "La interfaz de usuario basada en web en Cisco Jabber hasta 9.6(3) y 9.7 hasta 9.7(5) en Windows permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un valor manipulado en una solicitud GET, tambi\u00e9n conocido como Bug IDs CSCuu65622 y CSCuu70858."
    }
  ],
  "id": "CVE-2015-4218",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-24T10:59:11.790",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39494"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75377"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032711"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.