CVE Vulnerabilities

CVE-2015-4306

Published: Sep 20, 2015 | Modified: Jan 04, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
8.5 HIGH
AV:N/AC:M/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.

Affected Software

Name Vendor Start Version End Version
Prime_collaboration_assurance Cisco 10.5.1 10.5.1
Prime_collaboration_assurance Cisco 10.0.0 10.0.0
Prime_collaboration_assurance Cisco 9.0.0 9.0.0
Prime_collaboration_assurance Cisco 10.6.0 10.6.0
Prime_collaboration_assurance Cisco 9.5.0 9.5.0
Prime_collaboration_assurance Cisco 10.5.0 10.5.0

References