Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-3502
HistoryAug 17, 2020 - 6:15 p.m.

CVE-2020-3502

2020-08-1718:15:14
CWE-20
[email protected]
web.nvd.nist.gov
6
cisco
webex
meetings

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

4.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

30.7%

JSON

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users.

Affected configurations

Nvd
Node
ciscowebex_meetingsRange<39.5.24
OR
ciscowebex_meetingsRange40.4.040.4.6
OR
ciscowebex_meetingsRange40.4.1040.6.0
OR
ciscowebex_meetingsMatch39.7.4
OR
ciscowebex_meetings_serverMatch3.0-
OR
ciscowebex_meetings_serverMatch3.0maintenance_release1
OR
ciscowebex_meetings_serverMatch3.0maintenance_release2
OR
ciscowebex_meetings_serverMatch3.0maintenance_release3
OR
ciscowebex_meetings_serverMatch4.0-
OR
ciscowebex_meetings_serverMatch4.0maintenance_release1
OR
ciscowebex_meetings_serverMatch4.0maintenance_release2
VendorProductVersionCPE
ciscowebex_meetings*cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*
ciscowebex_meetings39.7.4cpe:2.3:a:cisco:webex_meetings:39.7.4:*:*:*:*:*:*:*
ciscowebex_meetings_server3.0cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*
ciscowebex_meetings_server3.0cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*
ciscowebex_meetings_server3.0cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*
ciscowebex_meetings_server3.0cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*
ciscowebex_meetings_server4.0cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*
ciscowebex_meetings_server4.0cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*
ciscowebex_meetings_server4.0cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*

Related

prion 1
cvelist 1
cve 1
cisco 1
prion
prion
Input validation
2020-08-17 18:15:00
cvelist
cvelist
CVE-2020-3502 Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities
2020-08-17 18:00:17
cve
cve
CVE-2020-3502
2020-08-17 18:15:14
cisco
cisco
Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities
2020-08-05 16:00:00

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

4.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

30.7%

JSON
Related for NVD:CVE-2020-3502
prion1cvelist1cve1cisco1