cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-20917,https://securityvulnerability.io/vulnerability/CVE-2022-20917,Message Processing Vulnerability in Cisco Jabber's XMPP Feature,"A vulnerability exists within the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber, allowing authenticated remote attackers to exploit improperly handled nested XMPP messages. By sending carefully crafted XMPP messages to the targeted Jabber client, an attacker can potentially manipulate message content, resulting in the application performing unsafe actions. This issue highlights the importance of robust message processing safeguards in communication applications.",Cisco,Cisco Jabber,4.3,MEDIUM,0.0006699999794363976,false,,false,false,true,2024-08-03T03:15:47.000Z,,false,false,,2023-09-15T02:12:51.048Z,0
CVE-2021-1569,https://securityvulnerability.io/vulnerability/CVE-2021-1569,Cisco Jabber Desktop and Mobile Client Software Vulnerabilities,"Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Jabber,6.5,MEDIUM,0.0006300000241026282,false,,false,false,true,2024-08-03T17:16:02.000Z,,false,false,,2021-06-16T00:00:00.000Z,0
CVE-2021-1570,https://securityvulnerability.io/vulnerability/CVE-2021-1570,Cisco Jabber Desktop and Mobile Client Software Vulnerabilities,"Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Jabber,6.5,MEDIUM,0.000750000006519258,false,,false,false,true,2024-08-03T17:16:02.000Z,,false,false,,2021-06-16T00:00:00.000Z,0
CVE-2021-1469,https://securityvulnerability.io/vulnerability/CVE-2021-1469,Cisco Jabber Desktop and Mobile Client Software Vulnerabilities,"Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Jabber,9.9,CRITICAL,0.0009399999980814755,false,,false,false,true,2024-08-03T17:15:57.000Z,,false,false,,2021-03-24T00:00:00.000Z,0
CVE-2021-1411,https://securityvulnerability.io/vulnerability/CVE-2021-1411,Cisco Jabber Desktop and Mobile Client Software Vulnerabilities,"Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Jabber,9.9,CRITICAL,0.0010400000028312206,false,,false,false,true,2024-08-03T17:15:54.000Z,,false,false,,2021-03-24T00:00:00.000Z,0
CVE-2021-1471,https://securityvulnerability.io/vulnerability/CVE-2021-1471,Cisco Jabber Desktop and Mobile Client Software Vulnerabilities,"Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Jabber,9.9,CRITICAL,0.0009200000204145908,false,,false,false,true,2024-08-03T17:15:57.000Z,,false,false,,2021-03-24T00:00:00.000Z,0
CVE-2021-1417,https://securityvulnerability.io/vulnerability/CVE-2021-1417,Cisco Jabber Desktop and Mobile Client Software Vulnerabilities,"Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Jabber,9.9,CRITICAL,0.0006500000017695129,false,,false,false,true,2024-08-03T17:15:55.000Z,,false,false,,2021-03-24T00:00:00.000Z,0
CVE-2021-1418,https://securityvulnerability.io/vulnerability/CVE-2021-1418,Cisco Jabber Desktop and Mobile Client Software Vulnerabilities,"Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Jabber,9.9,CRITICAL,0.0008099999977275729,false,,false,false,true,2024-08-03T17:15:55.000Z,,false,false,,2021-03-24T00:00:00.000Z,0
CVE-2020-26085,https://securityvulnerability.io/vulnerability/CVE-2020-26085,Cisco Jabber Desktop and Mobile Client Software Vulnerabilities,"Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Jabber,9.9,CRITICAL,0.001550000044517219,false,,false,false,true,2024-08-04T16:20:28.000Z,,false,false,,2021-01-07T00:15:00.000Z,0
CVE-2020-27134,https://securityvulnerability.io/vulnerability/CVE-2020-27134,Cisco Jabber Desktop and Mobile Client Software Vulnerabilities,"Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Jabber,9.9,CRITICAL,0.0010400000028312206,false,,false,false,true,2024-08-04T17:20:07.000Z,,false,false,,2020-12-11T17:15:00.000Z,0
CVE-2020-27133,https://securityvulnerability.io/vulnerability/CVE-2020-27133,Cisco Jabber Desktop and Mobile Client Software Vulnerabilities,"Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Jabber,9.9,CRITICAL,0.0010400000028312206,false,,false,false,true,2024-08-04T17:20:07.000Z,,false,false,,2020-12-11T17:15:00.000Z,0
CVE-2020-27132,https://securityvulnerability.io/vulnerability/CVE-2020-27132,Cisco Jabber Desktop and Mobile Client Software Vulnerabilities,"Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Jabber,9.9,CRITICAL,0.0010400000028312206,false,,false,false,true,2024-08-04T17:20:07.000Z,,false,false,,2020-12-11T17:15:00.000Z,0
CVE-2020-27127,https://securityvulnerability.io/vulnerability/CVE-2020-27127,Cisco Jabber Desktop and Mobile Client Software Vulnerabilities,"Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.",Cisco,Cisco Jabber,9.9,CRITICAL,0.0010400000028312206,false,,false,false,true,2024-08-04T17:20:06.000Z,,false,false,,2020-12-11T17:15:00.000Z,0
CVE-2020-3495,https://securityvulnerability.io/vulnerability/CVE-2020-3495,Cisco Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability,"A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages to the affected software. A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution.",Cisco,Cisco Jabber,9.9,CRITICAL,0.002360000042244792,false,,false,false,true,2024-08-04T08:16:43.000Z,,false,false,,2020-09-04T03:15:00.000Z,0
CVE-2020-3430,https://securityvulnerability.io/vulnerability/CVE-2020-3430,Cisco Jabber for Windows Protocol Handler Command Injection Vulnerability,"A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this vulnerability by convincing a user to click a link within a message sent by email or other messaging platform. A successful exploit could allow the attacker to execute arbitrary commands on a targeted system with the privileges of the user account that is running the Cisco Jabber client software.",Cisco,Cisco Jabber,8.8,HIGH,0.0075599998235702515,false,,false,false,true,2024-08-04T08:16:40.000Z,,false,false,,2020-09-04T03:15:00.000Z,0
CVE-2020-3498,https://securityvulnerability.io/vulnerability/CVE-2020-3498,Cisco Jabber for Windows Information Disclosure Vulnerability,"A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful exploit could allow the attacker to cause the application to return sensitive authentication information to another system, possibly for use in further attacks.",Cisco,Cisco Jabber,6.5,MEDIUM,0.0014799999771639705,false,,false,false,true,2024-08-04T08:16:43.000Z,,false,false,,2020-09-04T03:15:00.000Z,0
CVE-2020-3537,https://securityvulnerability.io/vulnerability/CVE-2020-3537,Cisco Jabber for Windows Universal Naming Convention Link Handling Vulnerability,"A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that contain Universal Naming Convention (UNC) links to a targeted user and convincing the user to follow the provided link. A successful exploit could allow the attacker to cause the application to access a remote system, possibly allowing the attacker to gain access to sensitive information that the attacker could use in additional attacks.",Cisco,Cisco Jabber,5.7,MEDIUM,0.001230000052601099,false,,false,false,true,2024-08-04T08:16:45.000Z,,false,false,,2020-09-04T03:15:00.000Z,0
CVE-2020-3155,https://securityvulnerability.io/vulnerability/CVE-2020-3155,Cisco Intelligent Proximity SSL Certificate Validation Vulnerability,"A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints.",Cisco,Cisco Jabber Im For Android,7.4,HIGH,0.0013699999544769526,false,,false,false,true,2024-08-04T08:16:27.000Z,,false,false,,2020-03-04T00:00:00.000Z,0
CVE-2020-3136,https://securityvulnerability.io/vulnerability/CVE-2020-3136,Cisco Jabber Guest Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. This vulnerability affects Cisco Jabber Guest releases 11.1(2) and earlier.",Cisco,Cisco Jabber Guest,6.1,MEDIUM,0.001509999972768128,false,,false,false,false,,,false,false,,2020-01-26T05:15:00.000Z,0
CVE-2019-12645,https://securityvulnerability.io/vulnerability/CVE-2019-12645,Cisco Jabber Client Framework for Mac Code Execution Vulnerability,"A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device The vulnerability is due to improper file level permissions on an affected device when it is running Cisco JCF for Mac Software. An attacker could exploit this vulnerability by authenticating to the affected device and executing arbitrary code or potentially modifying certain configuration files. A successful exploit could allow the attacker to execute arbitrary code or modify certain configuration files on the device using the privileges of the installed Cisco JCF for Mac Software.",Cisco,Cisco Jabber For Mac,6.7,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-09-16T18:16:26.000Z,,false,false,,2019-09-05T02:15:00.000Z,0
CVE-2019-1855,https://securityvulnerability.io/vulnerability/CVE-2019-1855,Cisco Jabber for Windows DLL Preloading Vulnerability,"A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the Jabber application launches. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user's account.",Cisco,Cisco Jabber For Windows,7.3,HIGH,0.0004299999854993075,false,,false,false,true,2024-08-04T19:16:14.000Z,,false,false,,2019-07-04T20:15:00.000Z,0
CVE-2018-0483,https://securityvulnerability.io/vulnerability/CVE-2018-0483,Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability,"A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted client or allow the attacker to access sensitive client-based information.",Cisco,Cisco Jabber Im For Android,4.6,MEDIUM,0.0005499999970197678,false,,false,false,true,2024-08-05T04:15:23.000Z,,false,false,,2019-01-10T17:29:00.000Z,0
CVE-2018-0449,https://securityvulnerability.io/vulnerability/CVE-2018-0449,Cisco Jabber Client Framework Insecure Directory Permissions Vulnerability,"A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory permissions set on a JCF created directory. An authenticated attacker with the ability to access an affected directory could create a hard link to an arbitrary location on the affected system. An attacker could convince another user that has administrative privileges to perform an install or update the Cisco Jabber for Mac client to perform such actions, allowing files to be created in an arbitrary location on the disk or an arbitrary file to be corrupted when it is appended to or overwritten.",Cisco,Cisco Jabber For Mac,5.1,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-05T04:15:21.000Z,,false,false,,2019-01-10T16:29:00.000Z,0
CVE-2018-0201,https://securityvulnerability.io/vulnerability/CVE-2018-0201,,"A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit this vulnerability by embedding media in instant messages. An exploit could allow the attacker to cause the recipient chat client to make outbound requests. Cisco Bug IDs: CSCve54001.",Cisco,Cisco Jabber Client Framework,5.4,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2018-02-22T00:00:00.000Z,0
CVE-2018-0199,https://securityvulnerability.io/vulnerability/CVE-2018-0199,,"A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. An exploit could allow the attacker to perform remote code execution. Cisco Bug IDs: CSCve53989.",Cisco,Cisco Jabber Client Framework,6.1,MEDIUM,0.0023300000466406345,false,,false,false,false,,,false,false,,2018-02-22T00:00:00.000Z,0