Vulnerability Details : CVE-2015-4683
Potential exploit
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
Products affected by CVE-2015-4683
- cpe:2.3:a:polycom:realpresence_resource_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4683
- 34.31%: probability of exploitation activity in the next 30 days
- ~97%: percentile, the proportion of vulnerabilities scored at or below this one
CVSS scores for CVE-2015-4683
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2015-4683
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4683
- https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf
  404 Not Found (Vendor Advisory)
- https://www.exploit-db.com/exploits/37449/
  Polycom RealPresence Resource Manager < 8.4 - Multiple Vulnerabilities (Exploit; Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/75432
  Polycom RealPresence Resource Manager Multiple Security vulnerabilities (Third Party Advisory; VDB Entry)
- http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
  Polycom RealPresence Resource Manager (RPRM) Disclosure / Traversal ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/archive/1/535852/100/0/threaded
  SecurityFocus
- http://seclists.org/fulldisclosure/2015/Jun/81
  Full Disclosure: SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences (Exploit; Mailing List; VDB Entry; Third Party Advisory)