Auto-merge PR#4553

2025-06-08 14:08:13 +00:00 · 2020-08-17 14:01:36 -04:00 · 2020-08-17 14:01:36 -04:00 · 6fbabc08b4
commit 6fbabc08b4
parent 3e84d53cfa d640a15751
1 changed files with 79 additions and 7 deletions
--- a/2020/3xxx/CVE-2020-3502.json
+++ b/2020/3xxx/CVE-2020-3502.json
@ -1,18 +1,90 @@
 {
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2020-08-05T16:00:00",
        "ID": "CVE-2020-3502",
-        "ASSIGNER": "cve@mitre.org",
+        "STATE": "PUBLIC",
-        "STATE": "RESERVED"
+        "TITLE": "Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Cisco Webex Meetings ",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "n/a"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Cisco"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "\r Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users.\r These vulnerabilities are due to improper input validation of parameters returned to the application from a web site. An attacker with a valid Webex account could exploit these vulnerabilities by persuading a user to follow a URL that is designed to return malicious path parameters to the affected software. A successful exploit could allow the attacker to obtain restricted information from other Webex users.\r "
            }
        ]
    },
    "exploit": [
        {
            "lang": "eng",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
        }
    ],
    "impact": {
        "cvss": {
            "baseScore": "4.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N ",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-20"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "20200805 Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities",
                "refsource": "CISCO",
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-g3zevBcp"
            }
        ]
    },
    "source": {
        "advisory": "cisco-sa-webex-client-g3zevBcp",
        "defect": [
            [
                "CSCvt70779",
                "CSCvt70813",
                "CSCvt78057",
                "CSCvu82730",
                "CSCvu82733"
            ]
        ],
        "discovery": "INTERNAL"
    }
-}
+}