CVE-2013-1245 — MEDIUM (4.0)

Vulnerability Description

The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190.

CVSS Score

4.0

MEDIUM

AV:N/AC:L/Au:S/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Webex Social	-

Related Weaknesses (CWE)

CWE-20

References

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1245Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1245Vendor Advisory

FAQ

What is CVE-2013-1245?

CVE-2013-1245 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remo...

How severe is CVE-2013-1245?

CVE-2013-1245 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-1245?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Webex Social.