Cisco Bug: CSCum61175 - vulnerabilities with URLAPI 'BU' parameter
Aug 06, 2018
- Cisco Webex Meetings
Known Affected Releases
$IGNORE Symptom: This is a vulnerability in server-side code of a cloud services offering, and should not be made visible to customers. A vulnerability in the Cisco WebEx Meeting Center web interface which could allow an unauthenticated, remote attacker to redirect a user to a undesired web page. The vulnerability is due to improper input validation of the parameters of the HTTP request. An attacker could exploit this vulnerability by crafting a HTTP request which could cause the web application to redirect the request to a specified malicious Uniform Resource Locator (URL). This vulnerability is known as an Open Redirect Attack and used in phishing attacks to get users to visit malicious sites without their knowledge. Conditions: Device running with default configuration running an affected version of software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases