CVE-2015-4683

Published: Sep 19, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.

Affected (1)

Products: Polycom: Realpresence Resource Manager

Polycom

1 product

Realpresence Resource Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Polycom Realpresence Resource Manager	Up to 8.3.2

Related CWEs

CWE-264

References (12)

http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2015/Jun/81

Source: cve@mitre.org

ExploitMailing ListThird Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/535852/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/75432

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf

Source: cve@mitre.org

Vendor Advisory

https://www.exploit-db.com/exploits/37449/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html