CVE-2015-4306

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:prime_collaboration_assurance:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_collaboration_assurance:9.5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_collaboration_assurance:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_collaboration_assurance:10.5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_collaboration_assurance:10.6.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_collaboration_assurance:10.5.1:*:*:*:*:*:*:*

Information

Published : 2015-09-19 18:59

Updated : 2017-01-04 09:57


NVD link : CVE-2015-4306

Mitre link : CVE-2015-4306


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

cisco

  • prime_collaboration_assurance