CVE-2015-4683

Опубликовано: 19 сент. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.

Ссылки

http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Jun/81
Exploit
Mailing List
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/535852/100/0/threaded
http://www.securityfocus.com/bid/75432
Third Party Advisory
VDB Entry
https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf
Vendor Advisory
https://www.exploit-db.com/exploits/37449/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Jun/81
Exploit
Mailing List
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/535852/100/0/threaded
http://www.securityfocus.com/bid/75432
Third Party Advisory
VDB Entry
https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf
Vendor Advisory
https://www.exploit-db.com/exploits/37449/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:polycom:realpresence_resource_manager:*:*:*:*:*:*:*:*

Версия до 8.3.2 (включая)

EPSS

Процентиль: 97%

0.34308

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-98ff-jmw6-p767