Arbitrary File Retrieval in Cisco Prime Collaboration Assurance Web Framework
CVE-2015-6328

Currently unrated

Key Information:

Vendor: Cisco
Status: Prime Collaboration Assurance
Vendor: CVE Published:; 13 October 2015

Summary

The web framework in Cisco Prime Collaboration Assurance 10.5(1) contains a vulnerability that permits remote authenticated users to bypass access restrictions. This can lead to the unauthorized reading of files through specially crafted URLs, potentially exposing sensitive information within the system. Affected users should apply appropriate mitigations as outlined in Cisco's advisory.

References

http://www.securitytracker.com/id/1033784

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Oct 13, 2015
Vulnerability Reserved
Aug 17, 2015