{"api_version":"1","generated_at":"2026-04-23T13:49:25+00:00","cve":"CVE-2015-6348","urls":{"html":"https://cve.report/CVE-2015-6348","api":"https://cve.report/api/cve/CVE-2015-6348.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-6348","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-6348"},"summary":{"title":"CVE-2015-6348","description":"The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2015-10-30 10:59:00","updated_at":"2016-12-07 18:19:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1","name":"20151026 Cisco Secure Access Control Server Role-Based Access Control Weak Protection Vulnerability","refsource":"CISCO","tags":["Vendor Advisory"],"title":"Cisco Secure Access Control Server Role-Based Access Control Weak Protection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1033970","name":"1033970","refsource":"SECTRACK","tags":[],"title":"Cisco Secure Access Control Server RBAC Flaw Lets Remote Authenticated Users Obtain System Administrator Reports and Status - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-6348","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-6348","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"6348","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"secure_access_control_server","cpe6":"5.7.0.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"6348","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"secure_access_control_server","cpe6":"5.7.0.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2015-6348","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1033970","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1033970"},{"name":"20151026 Cisco Secure Access Control Server Role-Based Access Control Weak Protection Vulnerability","refsource":"CISCO","url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1"}]}},"nvd":{"publishedDate":"2015-10-30 10:59:00","lastModifiedDate":"2016-12-07 18:19:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:secure_access_control_server:5.7.0.15:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"6348","Ordinal":"83349","Title":"CVE-2015-6348","CVE":"CVE-2015-6348","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"6348","Ordinal":"1","NoteData":"The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"6348","Ordinal":"2","NoteData":"2015-10-30","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"6348","Ordinal":"3","NoteData":"2016-12-05","Type":"Other","Title":"Modified"}]}}}