The web server in Cisco Unified MeetingPlace Application Server 7.x prior to 7.1MR1 Patch 2, 8.0 prior to 8.0MR1 Patch 1, and 8.5 prior to 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote malicious users to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco unified meetingplace 7.0 |
||
cisco unified meetingplace 7.0.1 |
||
cisco unified meetingplace 7.0.2 |
||
cisco unified meetingplace 7.0.3 |
||
cisco unified meetingplace 7.1 |
||
cisco unified meetingplace 8.0 |
||
cisco unified meetingplace 8.5 |
||
cisco unified meetingplace 8.5.1 |
||
cisco unified meetingplace 8.5.2 |
||
cisco unified meetingplace 8.5.3 |