Описание
Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:cisco:videoscape_distribution_suite_service_manager:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:videoscape_distribution_suite_service_manager:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:videoscape_distribution_suite_service_manager:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:videoscape_distribution_suite_service_manager:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:videoscape_distribution_suite_service_manager:3.4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00093
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025.
EPSS
Процентиль: 26%
0.00093
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-264