N/A

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the ability of an attacker to perform an out-of-band XXE injection on the system, which could allow an attacker to capture customer files and redirect them to another destination address. An exploit could allow the attacker to discover sensitive customer data. Cisco Bug IDs: CSCvg36996.

N/A

XML外部实体引用的不恰当限制(XXE)

Cisco WebEx Meetings Server 信息泄露漏洞

Cisco WebEx Meetings Server（CWMS）是美国思科（Cisco）公司的WebEx会议方案中的一套包含音频、视频和Web会议的多功能会议解决方案。 CWMS中存在信息泄露漏洞。远程攻击者可通过实施XML外部实体注入攻击利用该漏洞捕获用户文件，并将用户重定向另外的地址。

N/A

N/A