Cisco Unified MeetingPlace Server Cross-Site Request Forgery Vulnerability
Cisco Unified MeetingPlace Server Cross-Site Request Forgery Vulnerability
Release date:
Updated on:
Affected Systems:
Cisco uniied MeetingPlace 8.6 (1.9)
Description:
CVE (CAN) ID: CVE-2015-0704
The Cisco Unified MeetingPlace conferencing solution allows organizations to host integrated voice, video, and web meetings.
In Cisco uniied MeetingPlace 8.6 (1.9), multiple cross-site Request Forgery vulnerabilities exist in API functions. Remote attackers can exploit this vulnerability to hijack the authentication of arbitrary users.
<* Source: Cisco
*>
Suggestion:
Vendor patch:
Cisco
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://tools.cisco.com/security/center/viewAlert.x? AlertId = 38460
This article permanently updates the link address: