Cisco released a notice today that software patches are available for customers running Unified MeetingPlace conferencing software in version 6.0 and 7.0. The software had an opening that would allow an unauthenticated user to create a URL that would bypass the authentication mechanisms on the conferencing server. That could give them full administrative access to the application.
Patched versions of the software have been posted on Cisco’s site.
Please note that even though this is a Cisco web conferencing product, it is NOT the WebEx software they now own and operate. Unified MeetingPlace is another product entirely.