VAR-201508-0506

Vulnerability from variot - Updated: 2023-12-18 13:48

Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056. The vendor has confirmed this vulnerability and published it as Bug ID CSCuo89056. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control (inappropriate access control). http://cwe.mitre.org/data/definitions/284.html The stored data may be read or written by a remote authenticated user. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. Web Interaction Manager is a product that helps call center business representatives use websites and text chats or real-time Web collaboration to answer customer questions; E-mail Interaction Manager is a product used to manage a large number of customer emails submitted to corporate mailboxes or websites. A remote attacker could exploit this vulnerability to view, modify, or delete data stored on the device.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0506",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified web and e-mail interaction manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.0\\(1\\)"
      },
      {
        "model": "unified web and e-mail interaction manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.0\\(2\\)"
      },
      {
        "model": "unified web and e-mail interaction manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "11.0(1)"
      },
      {
        "model": "unified web and e-mail interaction manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "9.0(2)"
      },
      {
        "model": "unified web interaction manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0(2)"
      },
      {
        "model": "unified web interaction manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0(1)"
      },
      {
        "model": "unified e-mail interaction manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9.0(2)"
      },
      {
        "model": "unified e-mail interaction manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11.0(1)"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "76348"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004355"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4298"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-374"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_web_and_e-mail_interaction_manager:9.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_web_and_e-mail_interaction_manager:11.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4298"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jakub Kaluzny of Securing.pl",
    "sources": [
      {
        "db": "BID",
        "id": "76348"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-374"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-4298",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-4298",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-82259",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-4298",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201508-374",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-82259",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82259"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004355"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4298"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-374"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056. The vendor has confirmed this vulnerability and published it as Bug ID CSCuo89056. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control (inappropriate access control). http://cwe.mitre.org/data/definitions/284.html The stored data may be read or written by a remote authenticated user. \nAttackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. Web Interaction Manager is a product that helps call center business representatives use websites and text chats or real-time Web collaboration to answer customer questions; E-mail Interaction Manager is a product used to manage a large number of customer emails submitted to corporate mailboxes or websites. A remote attacker could exploit this vulnerability to view, modify, or delete data stored on the device.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4298"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004355"
      },
      {
        "db": "BID",
        "id": "76348"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82259"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4298",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "76348",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1033286",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004355",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-374",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-82259",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82259"
      },
      {
        "db": "BID",
        "id": "76348"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004355"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4298"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-374"
      }
    ]
  },
  "id": "VAR-201508-0506",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82259"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:48:50.206000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "40428",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40428"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004355"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-284",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82259"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004355"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4298"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40428"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/76348"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1033286"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4298"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4298"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/c/en/us/products/customer-collaboration/unified-email-interaction-manager/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/c/en/us/products/customer-collaboration/unified-web-interaction-manager/index.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82259"
      },
      {
        "db": "BID",
        "id": "76348"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004355"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4298"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-374"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-82259"
      },
      {
        "db": "BID",
        "id": "76348"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004355"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4298"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-374"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82259"
      },
      {
        "date": "2015-08-13T00:00:00",
        "db": "BID",
        "id": "76348"
      },
      {
        "date": "2015-08-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004355"
      },
      {
        "date": "2015-08-19T15:59:01.540000",
        "db": "NVD",
        "id": "CVE-2015-4298"
      },
      {
        "date": "2015-08-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201508-374"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82259"
      },
      {
        "date": "2015-08-13T00:00:00",
        "db": "BID",
        "id": "76348"
      },
      {
        "date": "2015-08-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004355"
      },
      {
        "date": "2016-12-28T16:51:02.533000",
        "db": "NVD",
        "id": "CVE-2015-4298"
      },
      {
        "date": "2015-08-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201508-374"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201508-374"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Web and E-mail Interaction Manager Vulnerable to reading stored data",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004355"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "76348"
      }
    ],
    "trust": 0.3
  }
}

