CVE-2015-4306
published 2015-09-20CVE-2015-4306: The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read…
high8.5CVSS 3.1
AVNACMAuSCCICAC
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | prime_collaboration_assurance | — | — |
| cisco | prime_collaboration_assurance | — | — |
| cisco | prime_collaboration_assurance | — | — |
| cisco | prime_collaboration_assurance | — | — |
| cisco | prime_collaboration_assurance | — | — |
| cisco | prime_collaboration_assurance | — | — |
| cisco | prime_collaboration_assurance | — | — |