The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183.
References
Configurations
History
21 Nov 2024, 02:00
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/100911 - | |
References | () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6965 - Vendor Advisory | |
References | () http://tools.cisco.com/security/center/viewAlert.x?alertId=32157 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/64281 - | |
References | () http://www.securitytracker.com/id/1029492 - Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/89691 - |
Information
Published : 2013-12-14 22:55
Updated : 2024-11-21 02:00
NVD link : CVE-2013-6965
Mitre link : CVE-2013-6965
CVE.ORG link : CVE-2013-6965
JSON object : View
Products Affected
cisco
- webex_training_center
CWE
CWE-264
Permissions, Privileges, and Access Controls