Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for spark_hybrid_calendar_service by cisco

    CVE-2017-12310 (GCVE-0-2017-12310)

    Vulnerability from nvd – Published: 2018-03-27 09:00 – Updated: 2024-12-02 20:56
    VLAI
    Summary
    A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Cisco Spark Hybrid Calendar Service Affected: Cisco Spark Hybrid Calendar Service
    Date Public
    2018-03-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:36:54.487Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-12310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-02T19:11:11.325236Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-02T20:56:14.074Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Spark Hybrid Calendar Service",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cisco Spark Hybrid Calendar Service"
                }
              ]
            }
          ],
          "datePublic": "2018-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T08:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2017-12310",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Spark Hybrid Calendar Service",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cisco Spark Hybrid Calendar Service"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark",
                  "refsource": "CONFIRM",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2017-12310",
        "datePublished": "2018-03-27T09:00:00.000Z",
        "dateReserved": "2017-08-03T00:00:00.000Z",
        "dateUpdated": "2024-12-02T20:56:14.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12310 (GCVE-0-2017-12310)

    Vulnerability from cvelistv5 – Published: 2018-03-27 09:00 – Updated: 2024-12-02 20:56
    VLAI
    Summary
    A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Cisco Spark Hybrid Calendar Service Affected: Cisco Spark Hybrid Calendar Service
    Date Public
    2018-03-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:36:54.487Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-12310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-02T19:11:11.325236Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-02T20:56:14.074Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Spark Hybrid Calendar Service",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cisco Spark Hybrid Calendar Service"
                }
              ]
            }
          ],
          "datePublic": "2018-03-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T08:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2017-12310",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Spark Hybrid Calendar Service",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cisco Spark Hybrid Calendar Service"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark",
                  "refsource": "CONFIRM",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2017-12310",
        "datePublished": "2018-03-27T09:00:00.000Z",
        "dateReserved": "2017-08-03T00:00:00.000Z",
        "dateUpdated": "2024-12-02T20:56:14.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }