Cross-Site Request Forgery Vulnerability in Cisco Unified MeetingPlace
CVE-2015-0705

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Meetingplace
Vendor: CVE Published:; 22 April 2015

Summary

A cross-site request forgery (CSRF) vulnerability exists in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9). This flaw allows remote attackers to exploit authenticated administrative sessions, enabling them to perform actions such as creating unauthorized administrative accounts without user consent. By leveraging this vulnerability, attackers can effectively hijack the authentication process, putting sensitive data and system integrity at risk.

References

http://www.securityfocus.com/bid/74258

vdb-entryx_refsource_BID

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...

x_refsource_CONFIRM

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Apr 22, 2015
Vulnerability Reserved
Jan 7, 2015