CVE Vulnerabilities

CVE-2015-4304

Published: Sep 20, 2015 | Modified: Jan 04, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9 HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652.

Affected Software

Name Vendor Start Version End Version
Prime_collaboration_assurance Cisco 9.0.0 (including) 9.0.0 (including)
Prime_collaboration_assurance Cisco 9.5.0 (including) 9.5.0 (including)
Prime_collaboration_assurance Cisco 10.0.0 (including) 10.0.0 (including)
Prime_collaboration_assurance Cisco 10.5.0 (including) 10.5.0 (including)
Prime_collaboration_assurance Cisco 10.5.1 (including) 10.5.1 (including)
Prime_collaboration_assurance Cisco 10.6.0 (including) 10.6.0 (including)

References