CVE-2014-8024

Published: Dec 23, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST request, aka Bug ID CSCus19789.

Affected (1)

Products: Cisco: Jabber Guest

Cisco

1 product

Jabber Guest

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Jabber Guest	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8024

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/71770

Source: psirt@cisco.com

http://www.securitytracker.com/id/1031422

Source: psirt@cisco.com

https://tools.cisco.com/security/center/viewAlert.x?alertId=36870

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8024

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/71770

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1031422

Source: af854a3a-2127-422b-91ae-364da2661108

https://tools.cisco.com/security/center/viewAlert.x?alertId=36870

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.