{"containers": {"cna": {"affected": [{"product": "Cisco WebEx Meetings Server", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2021-02-03T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-02-04T16:35:44.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20210203 Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wbx-linkinj-WWZpVqu9"}], "source": {"advisory": "cisco-sa-wbx-linkinj-WWZpVqu9", "defect": [["CSCvw13888", "CSCvw13891"]], "discovery": "INTERNAL"}, "title": "Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-02-03T16:00:00", "ID": "CVE-2021-1221", "STATE": "PUBLIC", "TITLE": "Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco WebEx Meetings Server", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "4.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "20210203 Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wbx-linkinj-WWZpVqu9"}]}, "source": {"advisory": "cisco-sa-wbx-linkinj-WWZpVqu9", "defect": [["CSCvw13888", "CSCvw13891"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:02:56.140Z"}, "title": "CVE Program Container", "references": [{"name": "20210203 Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wbx-linkinj-WWZpVqu9"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-08T20:49:38.706484Z", "id": "CVE-2021-1221", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T23:53:20.479Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1221", "datePublished": "2021-02-04T16:35:44.855Z", "dateReserved": "2020-11-13T00:00:00.000Z", "dateUpdated": "2024-11-08T23:53:20.479Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wbx-linkinj-WWZpVqu9", "name": "20210203 Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:02:56.140Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-1221", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-08T20:49:38.706484Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T21:01:51.810Z"}}], "cna": {"title": "Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability", "source": {"defect": [["CSCvw13888", "CSCvw13891"]], "advisory": "cisco-sa-wbx-linkinj-WWZpVqu9", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco WebEx Meetings Server", "versions": [{"status": "affected", "version": "n/a"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "datePublic": "2021-02-03T00:00:00.000Z", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wbx-linkinj-WWZpVqu9", "name": "20210203 Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2021-02-04T16:35:44.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "4.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N"}}, "source": {"defect": [["CSCvw13888", "CSCvw13891"]], "advisory": "cisco-sa-wbx-linkinj-WWZpVqu9", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "Cisco WebEx Meetings Server"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wbx-linkinj-WWZpVqu9", "name": "20210203 Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability", "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-1221", "STATE": "PUBLIC", "TITLE": "Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-02-03T16:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2021-1221", "state": "PUBLISHED", "dateUpdated": "2024-11-08T23:53:20.479Z", "dateReserved": "2020-11-13T00:00:00.000Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2021-02-04T16:35:44.855Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "264B9E30-8AB4-454F-BF92-018FF6719BF8", "versionEndExcluding": "41.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE22BE9B-374E-43DC-BA91-E3B9699A4C7C", "versionEndExcluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*", "matchCriteriaId": "61D1081F-87E8-4E8B-BEBD-0F239E745586", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4:*:*:*:*:*:*", "matchCriteriaId": "D36FE453-C43F-448B-8A59-668DE95468C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*", "matchCriteriaId": "4D6CF856-093A-4E89-A71D-50A2887C265B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3_security_patch3:*:*:*:*:*:*", "matchCriteriaId": "EA561408-D53D-43B9-A464-A413EC2E083E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de usuario de Cisco Webex Meetings y el software Cisco Webex Meetings Server, podr\u00eda permitir a un atacante autenticado remoto inyectar un hiperv\u00ednculo en un correo electr\u00f3nico de invitaci\u00f3n para una reuni\u00f3n. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de la entrada. Un atacante podr\u00eda explotar esta vulnerabilidad al introducir una URL en un campo en la interfaz de usuario. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante generar un correo electr\u00f3nico de invitaci\u00f3n de Webex Meetings que contenga un enlace a un destino de su elecci\u00f3n. Debido a que este correo electr\u00f3nico se env\u00eda desde una fuente confiable, es m\u00e1s probable que el destinatario haga clic en el enlace"}], "id": "CVE-2021-1221", "lastModified": "2024-11-21T05:43:51.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-04T17:15:14.560", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wbx-linkinj-WWZpVqu9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wbx-linkinj-WWZpVqu9"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}