Vulnerability CVE-2015-6404
Published: 2015-12-15

Description:
Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374.

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Cisco -> Hosted collaboration solution 

 References:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-hcm
Copyright 2024, cxsecurity.com

 

Back to Top