Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Webex Meetings Server | <= 1.5\(.1.131\) |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3305Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=35051Vendor Advisory
- http://www.securityfocus.com/bid/68903Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1030644Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94894
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3305Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=35051Vendor Advisory
- http://www.securityfocus.com/bid/68903Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1030644Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94894
FAQ
What is CVE-2014-3305?
CVE-2014-3305 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims ...
How severe is CVE-2014-3305?
CVE-2014-3305 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3305?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Webex Meetings Server.