Vulnerability Details CVE-2015-6417
Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.1%
CVSS Severity
CVSS v2 Score 6.5
References
Products affected by CVE-2015-6417
-
cpe:2.3:a:cisco:videoscape_distribution_suite_service_manager:3.0.0
-
cpe:2.3:a:cisco:videoscape_distribution_suite_service_manager:3.1.0
-
cpe:2.3:a:cisco:videoscape_distribution_suite_service_manager:3.2.0
-
cpe:2.3:a:cisco:videoscape_distribution_suite_service_manager:3.3.0
-
cpe:2.3:a:cisco:videoscape_distribution_suite_service_manager:3.4.0