Lucene search

[email protected]NVD:CVE-2015-6404

HistoryDec 15, 2015 - 5:59 a.m.

CVE-2015-6404

2015-12-1505:59:05

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.001

Percentile

32.7%

JSON

Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374.

Affected configurations

Nvd

Node

ciscohosted_collaboration_solutionMatch10.6\(3\)_base

VendorProductVersionCPE
ciscohosted_collaboration_solution10.6(3)_basecpe:2.3:a:cisco:hosted_collaboration_solution:10.6\(3\)_base:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	hosted_collaboration_solution	10.6(3)_base	cpe:2.3:a:cisco:hosted_collaboration_solution:10.6\(3\)_base:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-hcm

www.securityfocus.com/bid/78874

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

0.001

Percentile

32.7%

JSON

Related for NVD:CVE-2015-6404

prion1 cve1 cvelist1 cisco1