CVE-2015-6395

CWE-2644 documents4 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 41.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Prime Service Catalog
Timeline
PublishedDec 12
Latest updateMay 17

Description

Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

NVDcisco/prime_service_catalog4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-m97x-rfxh-9ppm: Cisco Prime Service Catalog 102022-05-17
CVEList
CVE-2015-6395: Cisco Prime Service Catalog 102015-12-12

📋Vendor Advisories

1
Cisco
Cisco Prime Service Catalog Web Interface Unauthorized Access Vulnerability2015-12-08
CVE-2015-6395 (MEDIUM CVSS 6.5) | Cisco Prime Service Catalog 10.0 | cvebase.io