QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-12284

Back to search

CVE-2017-12284

Published: Oct 19, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input- and validation-checking mechanisms in the system. An attacker could exploit this vulnerability by issuing specific commands after authenticating to the system. A successful exploit could allow the attacker to view profile information where only certain parameters should be visible. Cisco Bug IDs: CSCve14401.

VendorProductVersions

n/a

Cisco Jabber for Windows Client

affected
Cisco Jabber for Windows Client

Weaknesses (CWE)

CWE-200

References

1039624
vdb-entry
x_refsource_SECTRACK
101501
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now