PT-2015-6509 · Cisco · Cisco Unified Web/E-Mail Interaction Manager

Publicado

2015-08-19

Atualizado

2016-12-28

CVE-2015-4298

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cisco Unified Web and E-Mail Interaction Manager versions 9.0(2) and 11.0(1)

Description The issue is related to improper authorization, allowing remote authenticated users to read or write to stored data.

Recommendations For version 9.0(2), update to a version that properly performs authorization. For version 11.0(1), update to a version that properly performs authorization. As a temporary workaround, consider restricting access to sensitive data until a patch is available.

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2015-4298

Produtos afetados

Cisco Unified Web/E-Mail Interaction Manager

PT-2015-6509 · Cisco · Cisco Unified Web/E-Mail Interaction Manager

CVE-2015-4298

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4