Cross-Site Request Forgery Vulnerability in Cisco Unified MeetingPlace Web Conferencing Solution
CVE-2013-5494

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Meetingplace; Unified Meetingplace Web Conferencing
Vendor: CVE Published:; 16 September 2013

Summary

A cross-site request forgery (CSRF) vulnerability exists in the web framework of Cisco Unified MeetingPlace Solution, affecting the Unified MeetingPlace Web Conferencing and Unified MeetingPlace applications. This security flaw allows remote attackers to exploit the trust a user has in the web application and potentially hijack the authentication of arbitrary users. This vulnerability could lead to unauthorized actions being performed on behalf of the users, revealing sensitive information and compromising the overall security of the affected systems.

References

http://www.securitytracker.com/id/1029037

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Sep 16, 2013
Vulnerability Reserved
Aug 22, 2013