CVE-2015-4298

Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=40428	Vendor Advisory
http://www.securityfocus.com/bid/76348	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033286	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_web_and_e-mail_interaction_manager:9.0\(2\):::::::*
	cpe:2.3:a:cisco:unified_web_and_e-mail_interaction_manager:11.0\(1\):::::::*

History

No history.

Information

Published : 2015-08-19 15:59

Updated : 2024-02-28 15:21

NVD link : CVE-2015-4298

Mitre link : CVE-2015-4298

CVE.ORG link : CVE-2015-4298

JSON object : View

Products Affected

cisco

unified_web_and_e-mail_interaction_manager

CWE

CWE-284

Improper Access Control

{"id": "CVE-2015-4298", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-08-19T15:59:01.540", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40428", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/76348", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1033286", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056."}, {"lang": "es", "value": "Vulnerabilidad en Cisco Unified Web y E-Mail Interaction Manager 9.0(2) y 11.0(1) no realiza la autorizaci\u00f3n adecuadamente, lo que permite a usuarios remotos autenticados leer o escribir en los datos almacenados a trav\u00e9s de vectores no especificados, tambi\u00e9n conocida como Bug ID CSCuo89056."}], "lastModified": "2016-12-28T16:51:02.533", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_web_and_e-mail_interaction_manager:9.0\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "250253EA-5E9C-4F9F-86EF-1E9B87FEB936"}, {"criteria": "cpe:2.3:a:cisco:unified_web_and_e-mail_interaction_manager:11.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "106C7F90-EBCB-469E-9AEF-C2DB1D56B755"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}