Cross-Site Request Forgery Vulnerabilities in Cisco Unified MeetingPlace
CVE-2015-0704

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Meetingplace
Vendor: CVE Published:; 22 April 2015

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities exist in API features within Cisco Unified MeetingPlace 8.6(1.9). These weaknesses enable remote attackers to initiate requests that can hijack the authentication of any user. Successful exploitation of these vulnerabilities can compromise user sessions, enabling unauthorized access to sensitive functionalities and user data.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1032334

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Apr 22, 2015
Vulnerability Reserved
Jan 7, 2015