CVE-2017-12284

MEDIUM

Cisco Jabber for Windows Client - Info Disclosure

Title source: llm
STIX 2.1

Description

A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input- and validation-checking mechanisms in the system. An attacker could exploit this vulnerability by issuing specific commands after authenticating to the system. A successful exploit could allow the attacker to view profile information where only certain parameters should be visible. Cisco Bug IDs: CSCve14401.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039624
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101501

Scores

CVSS v3 5.5
EPSS 0.0036
EPSS Percentile 27.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
cisco/jabber 11.8\(.4\)
n/a/Cisco Jabber for Windows Client Cisco Jabber for Windows Client
Published Oct 19, 2017
Tracked Since Feb 18, 2026