Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2015-6404
HistoryDec 15, 2015 - 5:59 a.m.

CVE-2015-6404

2015-12-1505:59:05
CWE-200
cisco
web.nvd.nist.gov
26
cisco
hosted
collaboration
mediation
fulfillment
rbac
remote
authenticated
users
sensitive
credential
information
soap
api
bug id
cscuw84374
cve-2015-6404

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6

Confidence

Low

EPSS

0.001

Percentile

32.7%

JSON

Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374.

Affected configurations

Nvd
Node
ciscohosted_collaboration_solutionMatch10.6\(3\)_base
VendorProductVersionCPE
ciscohosted_collaboration_solution10.6(3)_basecpe:2.3:a:cisco:hosted_collaboration_solution:10.6\(3\)_base:*:*:*:*:*:*:*

Related

prion 1
nvd 1
cvelist 1
cisco 1
prion
prion
Code injection
2015-12-15 05:59:00
nvd
nvd
CVE-2015-6404
2015-12-15 05:59:05
cvelist
cvelist
CVE-2015-6404
2015-12-15 02:00:00
cisco
cisco
Cisco Hosted Collaboration Mediation Fulfillment SOAP API Sensitive Information Disclosure Vulnerability
2015-12-10 22:40:00

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6

Confidence

Low

EPSS

0.001

Percentile

32.7%

JSON
Related for CVE-2015-6404
prion1nvd1cvelist1cisco1