CVE-2015-4682

Опубликовано: 19 сент. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Средний

Описание

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.

Ссылки

http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Jun/81
Exploit
Mailing List
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/535852/100/0/threaded
http://www.securityfocus.com/bid/75432
Third Party Advisory
VDB Entry
https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf
Vendor Advisory
https://www.exploit-db.com/exploits/37449/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Jun/81
Exploit
Mailing List
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/535852/100/0/threaded
http://www.securityfocus.com/bid/75432
Third Party Advisory
VDB Entry
https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf
Vendor Advisory
https://www.exploit-db.com/exploits/37449/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:polycom:realpresence_resource_manager:*:*:*:*:*:*:*:*

Версия до 8.3.2 (включая)

EPSS

Процентиль: 94%

0.1234

Средний

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-4qh5-p5x2-2wcj