CVE-2015-4306

Currently unrated

Key Information:

Vendor: Cisco
Status: Prime Collaboration Assurance
Vendor: CVE Published:; 20 September 2015

Summary

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1033581

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Sep 20, 2015
Vulnerability Reserved
Jun 4, 2015