Rewterz Threat Advisory – Apache SkyWalking SQL injection
August 7, 2020Rewterz Threat Advisory – CVE-2020-3411 – Cisco DNA Center Information Disclosure Vulnerability
August 7, 2020Rewterz Threat Advisory – Apache SkyWalking SQL injection
August 7, 2020Rewterz Threat Advisory – CVE-2020-3411 – Cisco DNA Center Information Disclosure Vulnerability
August 7, 2020Severity
Medium
Analysis Summary
The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex Meetings site. A successful exploit could allow the attacker to view the details of users on another Webex site, including user names and email addresses.
Impact
Information Disclosure
Affected Vendors
Cisco
Affected Products
Cisco Webex
Remediation
Refer to Cisco advisory for the list of complete list of affected products and their respective patches.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-mAkmV4qc