Vulnerability Details CVE-2015-4683
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.343
EPSS Ranking 96.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
- http://seclists.org/fulldisclosure/2015/Jun/81
- http://www.securityfocus.com/archive/1/535852/100/0/threaded
- http://www.securityfocus.com/bid/75432
- https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf
- https://www.exploit-db.com/exploits/37449/
- http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
- http://seclists.org/fulldisclosure/2015/Jun/81
- http://www.securityfocus.com/archive/1/535852/100/0/threaded
- http://www.securityfocus.com/bid/75432
- https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf
- https://www.exploit-db.com/exploits/37449/
Products affected by CVE-2015-4683
-
cpe:2.3:a:polycom:realpresence_resource_manager:8.1.1
-
cpe:2.3:a:polycom:realpresence_resource_manager:8.2.0
-
cpe:2.3:a:polycom:realpresence_resource_manager:8.2.1
-
cpe:2.3:a:polycom:realpresence_resource_manager:8.3.0
-
cpe:2.3:a:polycom:realpresence_resource_manager:8.3.1
-
cpe:2.3:a:polycom:realpresence_resource_manager:8.3.2