Vulnerability Details : CVE-2013-6965
The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183.
Products affected by CVE-2013-6965
- cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6965
0.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6965
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2013-6965
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6965
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=32157
Cisco WebEx Training Center Bypass Email Verification to Join Audio Conference VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/64281
Cisco WebEx Training Center CVE-2013-6965 Multiple Information Disclosure Vulnerabilities
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/89691
Cisco WebEx Training Center registration page information disclosure CVE-2013-6965 Vulnerability Report
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6965
Cisco WebEx Training Center Bypass Email Verification to Join Audio Conference VulnerabilityVendor Advisory
-
http://www.securitytracker.com/id/1029492
Cisco WebEx Training Center Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks and Obtain Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
http://osvdb.org/100911
Jump to