Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1498

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2015-1498
Last Modified 17 Feb 2015 03:29:37
Published 16 Feb 2015 10:59:11
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1498

Summary

Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via a addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or other unspecified impact.

Vulnerable Systems

Application

  • Persistent Systems Radia Client Automation -


References

CONFIRM - https://radiasupport.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-features

MISC - http://www.zerodayinitiative.com/advisories/ZDI-15-039/


Last Updated: 27 May 2016 11:07:50