CVE-2015-6404
Summary
| CVE | CVE-2015-6404 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-12-15 05:59:00 UTC |
| Updated | 2016-11-28 19:39:00 UTC |
| Description | Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Hosted Collaboration Solution | 10.6(3)_base | All | All | All |
| Application | Cisco | Hosted Collaboration Solution | 10.6\(3\)_base | All | All | All |
| Application | Cisco | Hosted Collaboration Solution | 10.6\(3\)_base | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Hosted Collaboration Mediation Fulfillment SOAP API Sensitive Information Disclosure Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| Malformed Request | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.