Session ID Information Disclosure in Cisco Unified MeetingPlace
CVE-2015-0763

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Meetingplace
Vendor: CVE Published:; 4 June 2015

Summary

Cisco Unified MeetingPlace 8.6(1.2) is susceptible to an information disclosure vulnerability due to improper validation of session IDs in HTTP URLs. An attacker can exploit this flaw by crafting a malicious URL that, when accessed, allows them to retrieve sensitive session information. This vulnerability poses a risk to users' confidentiality and could potentially be leveraged for further attacks. Regular updates and security patches are essential to mitigate the exposure to this type of threat.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1032471

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jun 4, 2015
Vulnerability Reserved
Jan 7, 2015