CVE-2015-0597

Published: Feb 2, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159.

Affected (1)

Products: Cisco: Webex Meetings Server

Cisco

1 product

Webex Meetings Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Webex Meetings Server	Up to 1.5\(.1.131\)

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0597

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=37240

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/72373

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1031678

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/100658

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0597