CiscoCISCO-SA-20151210-HCMCisco Hosted Collaboration Mediation Fulfillment SOAP API Sensitive Information Disclosure Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
Percentile
32.7%
A vulnerability in the Simple Object Access Protocol (SOAP) application programming interface (API) of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an authenticated, remote attacker to obtain sensitive information that should be restricted. The attacker must authenticate as the admin user.
The vulnerability is due to lack of role-based access control (RBAC) in the application. An attacker could exploit this vulnerability by authenticating as the admin user and using the SOAP API to request restricted and sensitive information. An exploit could allow the attacker to obtain a list of customer credentials and other sensitive information.
Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-hcm[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-hcm”]
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | hosted_collaboration_solution | any | cpe:2.3:a:cisco:hosted_collaboration_solution:any:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
Percentile
32.7%