← Back

CVE-2015-6417

nvd nist
Published: Dec 12, 2015Modified: May 6, 2026

JSON object

Loading...
6.5
Vector
AV:N/AC:L/Au:S/C:P/I:P/A:P
Exploitability: 8.0 / Impact: 6.4
Source: NVD

Description

Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025.

Affected (5)

Cisco
1 product
Videoscape Distribution Suite Service Manager
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Videoscape Distribution Suite Service Manager
Version 3.0.0
Videoscape Distribution Suite Service Manager
Version 3.1.0
Videoscape Distribution Suite Service Manager
Version 3.2.0
Videoscape Distribution Suite Service Manager
Version 3.3.0
Videoscape Distribution Suite Service Manager
Version 3.4.0

Related CWEs

CWE-264
CWE-264

References (4)

Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.