CVE-2015-4298

Published: Aug 19, 2015Modified: May 6, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056.

Affected (2)

Products: Cisco: Unified Web And E Mail Interaction Manager

Cisco

1 product

Unified Web And E Mail Interaction Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Web And E Mail Interaction Manager	Version 11.0(1)
Cisco Unified Web And E Mail Interaction Manager	Version 9.0(2)

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

http://tools.cisco.com/security/center/viewAlert.x?alertId=40428

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/76348

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1033286

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/viewAlert.x?alertId=40428

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/76348

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1033286

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.