Vulnerability Description
The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Jabber Guest | All versions |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8025Vendor Advisory
- http://www.securityfocus.com/bid/71768
- http://www.securitytracker.com/id/1031422
- https://tools.cisco.com/security/center/viewAlert.x?alertId=36871
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8025Vendor Advisory
- http://www.securityfocus.com/bid/71768
- http://www.securitytracker.com/id/1031422
- https://tools.cisco.com/security/center/viewAlert.x?alertId=36871
FAQ
What is CVE-2014-8025?
CVE-2014-8025 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID...
How severe is CVE-2014-8025?
CVE-2014-8025 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8025?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Jabber Guest.