Lucene search

[email protected]CVE-2015-4298

HistoryAug 19, 2015 - 3:59 p.m.

CVE-2015-4298

2015-08-1915:59:01

CWE-284

[email protected]

web.nvd.nist.gov

cve-2015-4298

cisco

unified web

e-mail interaction manager

authorization issue

bug id cscuo89056

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.7%

JSON

Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056.

Affected configurations

NVD

Node

ciscounified_web_and_e-mail_interaction_managerMatch9.0\(2\)

ciscounified_web_and_e-mail_interaction_managerMatch11.0\(1\)

CPENameOperatorVersion
cisco:unified_web_and_e-mail_interaction_managercisco unified web and e-mail interaction managereq9.0\(2\)
cisco:unified_web_and_e-mail_interaction_managercisco unified web and e-mail interaction managereq11.0\(1\)

CPE	Name	Operator	Version
cisco:unified_web_and_e-mail_interaction_manager	cisco unified web and e-mail interaction manager	eq	9.0\(2\)
cisco:unified_web_and_e-mail_interaction_manager	cisco unified web and e-mail interaction manager	eq	11.0\(1\)

References

tools.cisco.com/security/center/viewAlert.x?alertId=40428

www.securityfocus.com/bid/76348

www.securitytracker.com/id/1033286

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.7%

JSON

Related for CVE-2015-4298

prion1 nvd1 cisco1 cvelist1