RSS   Vulnerabilities for 'Realpresence resource manager'   RSS

2017-09-19
 
CVE-2015-4685

CWE-264
 

 
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.

 
 
CVE-2015-4684

CWE-255
 

 
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.

 
 
CVE-2015-4683

CWE-264
 

 
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.

 
 
CVE-2015-4682

CWE-200
 

 
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.

 
 
CVE-2015-4681

CWE-255
 

 
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.

 

 >>> Vendor: Polycom 29 Products
Viewstation 128
Viewstation 512
Viewstation dcp
Viewstation fx vs4000
Viewstation h.323
Viewstation mp
Viewstation sp 384
Viewstation v.35
Viavideo
Mgc-100
Mgc-25
Mgc-50
Soundpoint ip 301
Soundpoint ip 650
Soundpoint ip 601
Hdx system software
Realpresence cloudaxis suite
Btoe connector
Unified communications software
Realpresence resource manager
Qdx 6000 firmware
Uc software
Vvx 500 firmware
Vvx 601 firmware
Better together over ethernet connector
Group series
HDX
PANO
Obihai obi1022 firmware


Copyright 2019, cxsecurity.com

 

Back to Top