CVE Vulnerabilities

CVE-2015-6417

Published: Dec 12, 2015 | Modified: Nov 28, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025.

Affected Software

Name Vendor Start Version End Version
Videoscape_distribution_suite_service_manager Cisco 3.0.0 3.0.0
Videoscape_distribution_suite_service_manager Cisco 3.2.0 3.2.0
Videoscape_distribution_suite_service_manager Cisco 3.3.0 3.3.0
Videoscape_distribution_suite_service_manager Cisco 3.1.0 3.1.0
Videoscape_distribution_suite_service_manager Cisco 3.4.0 3.4.0

References