CVE-2013-1245: Input Validation
First published: Thu May 16 2013(Updated: )
The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Webex Social |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2013-1245?
CVE-2013-1245 has been classified as having a medium severity level.
How do I fix CVE-2013-1245?
To remediate CVE-2013-1245, ensure that server-side validation is implemented for all user input fields.
What types of systems are affected by CVE-2013-1245?
CVE-2013-1245 affects Cisco WebEx Social when user management functionalities are utilized.
Are remote authenticated users able to exploit CVE-2013-1245?
Yes, remote authenticated users can exploit CVE-2013-1245 through crafted requests that bypass access restrictions.
What fields are involved in the CVE-2013-1245 vulnerability?
The fields involved in CVE-2013-1245 include Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/cisco
- canonical/cisco webex social