CVE-2015-4306

The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.

Severity	HIGH
CVSS	8.5
EPSS	0.37% EPSS medium
CWE	CWE-264
KEV
Published	10 years ago
Modified	2 weeks ago

Public Affected Products

Product	Advisory	Evidence
Cisco Prime Collaboration Assurance	cisco-sa-20150916-pca	Cisco CSAF · structured affected