CVE-2015-6303
Cisco Spark 2015-07-04 - Exposure of Sensitive Information via Improper Certificate Validation
Title source: llmDescription
The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCut36742 and CSCut36844.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=41127
Scores
EPSS
0.0054
EPSS Percentile
41.3%
Details
CWE
CWE-200
Status
published
Products (1)
cisco/spark
2015-07-04_base
Published
Sep 24, 2015
Tracked Since
Feb 18, 2026