CVE-2015-1498

Published: Feb 16, 2015Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact.

Affected (1)

Products: Persistent Systems: Radia Client Automation

Persistent Systems

1 product

Radia Client Automation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Persistent Systems Radia Client Automation	All versions

Related CWEs

References (4)

http://www.zerodayinitiative.com/advisories/ZDI-15-039/

Source: cve@mitre.org

https://radiasupport.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-features

Source: cve@mitre.org

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-15-039/

Source: af854a3a-2127-422b-91ae-364da2661108

https://radiasupport.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-features

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.