PT-2015-7229 · Cisco · Cisco Hosted Collaboration Mediation Fulfillment

Publicado

2015-12-15

·

Atualizado

2016-11-28

·

CVE-2015-6404

CVSS v2.0

4.0

Média

VetorAV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Cisco Hosted Collaboration Mediation Fulfillment version 10.6(3)
Description The issue allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests.
Recommendations For Cisco Hosted Collaboration Mediation Fulfillment version 10.6(3), consider restricting access to admin roles to minimize the risk of exploitation. As a temporary workaround, limit the use of SOAP API requests until a fix is available.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2015-6404

Produtos afetados

Cisco Hosted Collaboration Mediation Fulfillment