CVE-2015-4209

Published: Jun 23, 2015Modified: May 6, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913.

Affected (1)

Products: Cisco: Webex Meeting Center

1 product

Webex Meeting Center

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Webex Meeting Center	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://tools.cisco.com/security/center/viewAlert.x?alertId=39459

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/75351

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032705

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/viewAlert.x?alertId=39459

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/75351

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032705

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.