The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Prime_collaboration_assurance | Cisco | 9.0.0 (including) | 9.0.0 (including) |
Prime_collaboration_assurance | Cisco | 9.5.0 (including) | 9.5.0 (including) |
Prime_collaboration_assurance | Cisco | 10.0.0 (including) | 10.0.0 (including) |
Prime_collaboration_assurance | Cisco | 10.5.0 (including) | 10.5.0 (including) |
Prime_collaboration_assurance | Cisco | 10.5.1 (including) | 10.5.1 (including) |
Prime_collaboration_assurance | Cisco | 10.6.0 (including) | 10.6.0 (including) |