CVE-2013-1245

Published May 16, 2013

Last updated 11 years ago

Overview

Description: The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190.
Source: ykramarz@cisco.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:webex_social:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E0B855C-5A9E-4C1A-8AA2-434FD5F03E60"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References