Authorization Bypass in Cisco Unified Web and E-Mail Interaction Manager
CVE-2015-4299

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Web And E-mail Interaction Manager
Vendor: CVE Published:; 19 August 2015

What is CVE-2015-4299?

The Cisco Unified Web and E-Mail Interaction Manager version 9.0(2) contains a flaw that allows remote authenticated users to bypass authorization mechanisms. This vulnerability enables them to remove default messaging-queue system folders through unspecified methods. The improper authorization handling within the application can lead to potential data loss and disruption of service, posing risks to overall system integrity.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1033285

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/74572

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 19, 2015
Vulnerability Reserved
Jun 4, 2015