Описание
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-4683
- https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf
- https://www.exploit-db.com/exploits/37449
- http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
- http://seclists.org/fulldisclosure/2015/Jun/81
- http://www.securityfocus.com/archive/1/535852/100/0/threaded
- http://www.securityfocus.com/bid/75432
Связанные уязвимости
CVSS3: 9.8
nvd
больше 8 лет назад
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.