{"schema_version":"public-product-v1.1","generated_at":"2026-06-10T08:46:19Z","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","advisory":{"id":"cisco-sa-20151008-pca","slug":"cisco-sa-20151008-pca","vendor":"Cisco","title":"Cisco Prime Collaboration Assurance Arbitrary File Retrieval Vulnerability","summary":"A vulnerability in the web framework of Cisco Prime Collaboration Assurance (PCA) could allow an authenticated, remote attacker to retrieve arbitrary files from the underlying file system. The vulnerability is due to incorrect implementation of the access control code. An attacker could exploit this vulnerability by submitting a crafted URL to the system. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca","severity":"Medium","published_at":"2015-10-08T20:10:00Z","updated_at":"2015-10-08T20:10:00Z","source_url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca","csaf_url":"https://sec.cloudapps.cisco.com/security/center/contentjson/CiscoSecurityAdvisory/cisco-sa-20151008-pca/csaf/cisco-sa-20151008-pca.json","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure."},"freshness":{"last_source_refreshed_at":"2026-05-26T00:00:03Z","latest_source_refresh_at":"2026-05-26T00:00:03Z","oldest_source_refresh_at":"2026-05-22T00:16:33Z","all_sources_fresh":false,"sources":[{"source":"cisco_advisories","label":"Cisco advisories","last_success_at":"2026-05-26T00:00:03Z","stale":true},{"source":"cisco_csaf","label":"Cisco CSAF","last_success_at":"2026-05-25T03:03:26Z","stale":true},{"source":"nvd_cves","label":"NVD CVEs","last_success_at":"2026-05-22T00:16:33Z","stale":true},{"source":"cisa_kev","label":"CISA KEV","last_success_at":"2026-05-22T00:16:34Z","stale":true},{"source":"first_epss","label":"EPSS","last_success_at":"2026-05-22T00:16:40Z","stale":true}]},"summary":{"cve_count":1,"visible_product_count":1,"public_evidence_count":1,"kev_count":0,"highest_epss":0.00171,"highest_cvss":6.8},"cves":[{"id":"CVE-2015-6328","description":"The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID CSCus88380.","severity":"MEDIUM","kev":false,"epss":{"score":0.00171,"percentile":0.37971,"score_date":"2026-05-19","updated_at":"2026-05-20T02:10:43Z"},"cvss_score":6.8,"cvss_source":"NVD","cwe":"CWE-200","published_at":"2015-10-13T00:59:01Z","modified_at":"2026-05-06T22:30:45Z"}],"public_evidence":[{"product":{"name":"Cisco Prime Collaboration Assurance","slug":"cisco-prime-collaboration-assurance","vendor":"Cisco"},"cve":{"id":"CVE-2015-6328"},"evidence_type":"structured_affected","evidence_label":{"scope":"CSAF product evidence","label":"product_status known affected"},"evidence_source":"Cisco CSAF","source":"Cisco CSAF","source_document_fetched_at":"2026-05-19T19:58:18Z","csaf_status":"known_affected","csaf_product_status":"known_affected","csaf_product_status_path":"vulnerabilities[].product_status.known_affected","raw_product_name":"Cisco Prime Collaboration Assurance","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","exposure_verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","kev":false,"epss":{"score":0.00171,"score_date":"2026-05-19","updated_at":"2026-05-20T02:10:43Z"},"cvss_score":6.8,"cvss_source":"NVD","published_at":"2015-10-08T20:10:00Z","updated_at":"2015-10-08T20:10:00Z","advisory_updated_at":"2015-10-08T20:10:00Z","source_url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca","row_display_order":1}]}