Vulnerabilities > Cisco > Prime Collaboration Assurance > 9.0.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-09-20 | CVE-2015-4306 | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Assurance The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334. | 8.5 |
2015-09-20 | CVE-2015-4305 | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Assurance The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656. | 4.0 |
2015-09-20 | CVE-2015-4304 | Permissions, Privileges, and Access Controls vulnerability in Cisco Prime Collaboration Assurance The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652. | 9.0 |