CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-4306

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.0%

CVSS Severity

CVSS v2 Score 8.5

References

Products affected by CVE-2015-4306

Cisco » Prime Collaboration Assurance » Version: 10.0.0

cpe:2.3:a:cisco:prime_collaboration_assurance:10.0.0
Cisco » Prime Collaboration Assurance » Version: 10.5.0

cpe:2.3:a:cisco:prime_collaboration_assurance:10.5.0
Cisco » Prime Collaboration Assurance » Version: 10.5.1

cpe:2.3:a:cisco:prime_collaboration_assurance:10.5.1
Cisco » Prime Collaboration Assurance » Version: 10.6.0

cpe:2.3:a:cisco:prime_collaboration_assurance:10.6.0
Cisco » Prime Collaboration Assurance » Version: 9.0.0

cpe:2.3:a:cisco:prime_collaboration_assurance:9.0.0
Cisco » Prime Collaboration Assurance » Version: 9.5.0

cpe:2.3:a:cisco:prime_collaboration_assurance:9.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-4306

Products

Pricing

Contact Us