Information Disclosure Vulnerability in Cisco Jabber's Guest Server API
CVE-2014-8024

Currently unrated

Key Information:

Vendor: Cisco
Status: Jabber Guest
Vendor: CVE Published:; 23 December 2014

Summary

The Guest Server API in Cisco Jabber has a vulnerability due to the improper implementation of HTML5 Cross-Origin Resource Sharing (CORS). This flaw allows remote attackers to intercept and access sensitive information through network sniffing during HTTP GET or POST requests. This security weakness exposes data effectively, potentially compromising user privacy and system integrity.

References

http://www.securitytracker.com/id/1031422

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/71770

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Dec 23, 2014
Vulnerability Reserved
Oct 8, 2014