Authorization Bypass in Cisco Unified Web and E-Mail Interaction Manager
CVE-2015-4299

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Web And E-mail Interaction Manager
Vendor: CVE Published:; 19 August 2015

Summary

The Cisco Unified Web and E-Mail Interaction Manager version 9.0(2) contains a flaw that allows remote authenticated users to bypass authorization mechanisms. This vulnerability enables them to remove default messaging-queue system folders through unspecified methods. The improper authorization handling within the application can lead to potential data loss and disruption of service, posing risks to overall system integrity.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1033285

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/74572

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Aug 19, 2015
Vulnerability Reserved
Jun 4, 2015