VYPR

Jabber

by Cisco Systems, Inc.

CVEs (27)

  • CVE-2015-4218Jun 24, 2015
    risk 0.00cvss epss 0.03

    The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 through 9.7(5) on Windows allows remote attackers to obtain sensitive information via a crafted value in a GET request, aka Bug IDs CSCuu65622 and CSCuu70858.

  • CVE-2014-8025Dec 23, 2014
    risk 0.00cvss epss 0.02

    The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801.

  • CVE-2014-0666Jan 16, 2014
    risk 0.00cvss epss 0.06

    Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056.

  • CVE-2013-1228Sep 6, 2013
    risk 0.00cvss epss 0.00

    Cisco Jabber on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify the client-server data stream via a crafted certificate, aka Bug ID CSCug30280.

  • CVE-2013-3393Jun 26, 2013
    risk 0.00cvss epss 0.01

    The Precision Video Engine component in Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine allows remote attackers to cause a denial of service (process crash and call disconnection) via crafted RTP packets, aka Bug IDs CSCuh60706 and CSCue21117.

  • CVE-2013-1161Mar 26, 2013
    risk 0.00cvss epss 0.01

    The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service (blocked connection) by leveraging an entry on a Buddy list and sending a crafted XMPP presence update message, aka Bug ID CSCue38383.

  • CVE-2004-0013Feb 3, 2004
    risk 0.00cvss epss 0.02

    jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash).

Page 2 of 2