var-201512-0405
Vulnerability from variot
Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188. Vendors have confirmed this vulnerability Bug ID CSCuw48188 It is released as.Settings can be changed by third parties through direct requests. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources. A remote attacker could exploit this vulnerability to modify the configuration by sending a direct request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0405",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prime service catalog",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.0\\(r2\\)_base"
},
{
"model": "prime service catalog",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.0_base"
},
{
"model": "prime service catalog",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.1_base"
},
{
"model": "prime service catalog",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "11.0_base"
},
{
"model": "prime service catalog",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.0"
},
{
"model": "prime service catalog",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.0(r2)"
},
{
"model": "prime service catalog",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.1"
},
{
"model": "prime service catalog",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006391"
},
{
"db": "NVD",
"id": "CVE-2015-6395"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-393"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_service_catalog:10.1_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_service_catalog:10.0_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_service_catalog:11.0_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_service_catalog:10.0\\(r2\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6395"
}
]
},
"cve": "CVE-2015-6395",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-6395",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-84356",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6395",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-393",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84356",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84356"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006391"
},
{
"db": "NVD",
"id": "CVE-2015-6395"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-393"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188. Vendors have confirmed this vulnerability Bug ID CSCuw48188 It is released as.Settings can be changed by third parties through direct requests. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources. A remote attacker could exploit this vulnerability to modify the configuration by sending a direct request",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6395"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006391"
},
{
"db": "VULHUB",
"id": "VHN-84356"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6395",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1034313",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006391",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-393",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-84356",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84356"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006391"
},
{
"db": "NVD",
"id": "CVE-2015-6395"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-393"
}
]
},
"id": "VAR-201512-0405",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84356"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:44:18.354000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20151207-psc",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151207-psc"
},
{
"title": "Cisco Prime Service Catalog Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59211"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006391"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-393"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84356"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006391"
},
{
"db": "NVD",
"id": "CVE-2015-6395"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151207-psc"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034313"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6395"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6395"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84356"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006391"
},
{
"db": "NVD",
"id": "CVE-2015-6395"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-393"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84356"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006391"
},
{
"db": "NVD",
"id": "CVE-2015-6395"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-393"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-12T00:00:00",
"db": "VULHUB",
"id": "VHN-84356"
},
{
"date": "2015-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006391"
},
{
"date": "2015-12-12T11:59:00.120000",
"db": "NVD",
"id": "CVE-2015-6395"
},
{
"date": "2015-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-393"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-13T00:00:00",
"db": "VULHUB",
"id": "VHN-84356"
},
{
"date": "2015-12-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006391"
},
{
"date": "2017-09-13T01:29:04.457000",
"db": "NVD",
"id": "CVE-2015-6395"
},
{
"date": "2015-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-393"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-393"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Prime Service Catalog Vulnerabilities whose settings are changed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006391"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-393"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.