CVE-2014-8025

Published: Dec 23, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801.

Affected (1)

Products: Cisco: Jabber Guest

Cisco

1 product

Jabber Guest

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Jabber Guest	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8025

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/71768

Source: psirt@cisco.com

http://www.securitytracker.com/id/1031422

Source: psirt@cisco.com

https://tools.cisco.com/security/center/viewAlert.x?alertId=36871

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8025

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/71768

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1031422

Source: af854a3a-2127-422b-91ae-364da2661108

https://tools.cisco.com/security/center/viewAlert.x?alertId=36871

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.