This could result in denial of service to the affected services due to high CPU consumption.
To fix this issue, update your servers to the latest patch level immediately.
CVE-2018-1177 - Cisco WebEx Node.js Client Vulnerable to Server-Side Code Injection
Due to insecure usage of regular expressions, Cisco WebEx Node.js client before version 4.8.1, 5.0.0 before 5.14.2, and 5.1.0 before 5.1.1 is vulnerable to Server-Side Code Injection.
This could result in remote code execution on the affected Cisco WebEx Node.js server.
To exploit this issue, an attacker would have to convince an administrator to visit a specially crafted website or carry out an Open Redirect attack on the server.
To fix this issue, update your Cisco WebEx Node.js client to the latest patch level immediately.
CVE-2018-1176 - Cisco WebEx Node.js Client Vulnerable to Clickjacking
Cisco WebEx Node.js client before version 4.8.1, 5.0.0 before 5.14.2, and 5.1.0 before 5.1.1 is vulnerable to Clickjacking.
This could result in an XSS attack on the affected Cisco WebEx Node.js server.
To fix this issue, update your Cisco WebEx Node.js client to the latest patch level immediately.
Cisco WebEx Browsers and WebEx Node.js Clients
Timeline
Published on: 07/15/2022 20:15:00 UTC
Last modified on: 07/21/2022 14:33:00 UTC
References
- https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722
- https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012
- https://snyk.io/vuln/SNYK-JS-TERSER-2806366
- https://github.com/terser/terser/blob/master/lib/compress/evaluate.js#L135
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25858