Vulnerability Details : CVE-2015-1498
Persistent Systems Radia Client Automation does not properly restrict access to certain requests, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact.
Products affected by CVE-2015-1498
- cpe:2.3:a:persistent_systems:radia_client_automation:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1498
- 58.51%: Probability of exploitation activity in the next 30 days
- ~98%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1498
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2015-1498
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1498
- http://www.zerodayinitiative.com/advisories/ZDI-15-039/ (ZDI-15-039 | Zero Day Initiative)
- https://radiasupport.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-features (Accelerite releases solutions and best practices to enhance the security for RBAC and Remote Notify features; Vendor Advisory)