A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote malicious user to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the ability of an malicious user to perform an out-of-band XXE injection on the system, which could allow an malicious user to capture customer files and redirect them to another destination address. An exploit could allow the malicious user to discover sensitive customer data. Cisco Bug IDs: CSCvg36996.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco webex meetings server |