The vulnerability that was recently discovered allows a “ghost” attacker to join meetings unauthenticated and eavesdrop the conversations.
The vulnerability was discovered by IBM when the company was testing the collaboration tool as part of regular testing practice in the company.
The vulnerability allows to join a meeting without being listed and manage bi-directional conversation in the meeting and access to information about the participant.
It was reported under 3 different CVE vulnerabilities (CVE-2020-3419, CVE-2020-3471, CVE-2020-3441)
The vulnerabilities were patched on cloud WebEx cloud, client with on-premise installations are advised to apply the patch.
News Site: zdnet.com