Vulnerability Details : CVE-2014-3301
The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700.
Vulnerability category: Information leak
Products affected by CVE-2014-3301
- cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:1.5\(.1.6\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:webex_meetings_server:1.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3301
0.31%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-3301
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-3301
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3301
-
http://www.securityfocus.com/bid/68894
Cisco WebEx Meetings Server CVE-2014-3301 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3301
Cisco WebEx Meetings Server Stack Trace VulnerabilityVendor Advisory
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=35040
Cisco WebEx Meetings Server Stack Trace VulnerabilityVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/94895
Cisco WebEx Meetings Server ProfileAction controller information disclosure CVE-2014-3301 Vulnerability Report
-
http://www.securitytracker.com/id/1030642
Cisco WebEx Meetings Server ProfileAction Controller Lets Remote Users Obtain Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
Jump to