CVE-2015-6404

Published: Dec 15, 2015Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SOAP API requests, aka Bug ID CSCuw84374.

Affected (1)

Products: Cisco: Hosted Collaboration Solution

Cisco

1 product

Hosted Collaboration Solution

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Hosted Collaboration Solution	Version 10.6(3)_base

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-hcm

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/78874

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-hcm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/78874

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.