Guest

Preview Tool

Cisco Bug: CSCul98272 - Cisco WebEx HTTP GET Parameters Include Sensitive Information

Last Modified

Apr 24, 2019

Products (1)

  • Cisco Webex Meetings Online

Known Affected Releases

WebEx11-V1.3-SP26 Webex11-V1.3.2

Description (partial)

Symptom:
A vulnerability in Cisco WebEx Business Suite could allow an unauthenticated, remote attacker to view sensitive information transmitted in GET 
parameters of URL requests.

The vulnerability is due to inclusion of sensitive information in URLs as GET parameters. An attacker could exploit this vulnerability by viewing 
application URL requests containing the sensitive information in GET parameters.

This vulnerability was reported to Cisco by Jim LaValley of LaValley Consulting.

Conditions:
Default behavior.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.