CVE-2014-2199 : meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Ce

meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebEx Sales Center, WebEx Training Center, WebEx Meetings Server 1.5(.1.131) and earlier, and WebEx Business Suite (WBS) 27 before 27.32.31.16, 28 before 28.12.13.18, and 29 before 29.5.1.12 allows remote attackers to obtain sensitive meeting information by leveraging knowledge of a meeting identifier, aka Bug IDs CSCuo68624 and CSCue46738.

Published 2014-05-20 11:13:38

Updated 2025-04-12 10:46:41

Source Cisco Systems, Inc.

View at NVD, CVE.org

Products affected by CVE-2014-2199

Cisco » Webex Meeting Center » Version: N/A
cpe:2.3:a:cisco:webex_meeting_center:-:*:*:*:*:*:*:*
Matching versions
Cisco » Webex Training Center » Version: N/A
cpe:2.3:a:cisco:webex_training_center:-:*:*:*:*:*:*:*
Matching versions
Cisco » Webex Meetings Server
Versions up to, including, (<=) 1.5\(.1.131\)
cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*
Matching versions
Cisco » Webex Sales Center » Version: N/A
cpe:2.3:a:cisco:webex_sales_center:-:*:*:*:*:*:*:*
Matching versions
Cisco » Webex Event Center » Version: N/A
cpe:2.3:a:cisco:webex_event_center:-:*:*:*:*:*:*:*
Matching versions
Cisco » Webex Business Suite » Version: 28.0
cpe:2.3:a:cisco:webex_business_suite:28.0:*:*:*:*:*:*:*
Matching versions
Cisco » Webex Business Suite » Version: 27.0
cpe:2.3:a:cisco:webex_business_suite:27.0:*:*:*:*:*:*:*
Matching versions
Cisco » Webex Business Suite » Version: 29.0
cpe:2.3:a:cisco:webex_business_suite:29.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-2199

EPSS FAQ

0.28%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 49 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-2199

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2014-2199

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-2199

http://tools.cisco.com/security/center/viewAlert.x?alertId=34252

Cisco WebEx Meeting meetinginfo.do Information Disclosure Vulnerability
Vendor Advisory
http://www.securitytracker.com/id/1030251

Cisco WebEx Event Center Discloses Potentially Sensitive Information to Remote Users - SecurityTracker
Third Party Advisory;VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2199

Cisco WebEx Meeting meetinginfo.do Information Disclosure Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2014-2199

Products affected by CVE-2014-2199

Exploit prediction scoring system (EPSS) score for CVE-2014-2199

CVSS scores for CVE-2014-2199

CWE ids for CVE-2014-2199

References for CVE-2014-2199