The web framework in Cisco Prime Collaboration Assurance prior to 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco prime collaboration assurance 9.0.0 |
||
cisco prime collaboration assurance 9.5.0 |
||
cisco prime collaboration assurance 10.0.0 |
||
cisco prime collaboration assurance 10.5.0 |
||
cisco prime collaboration assurance 10.6.0 |
||
cisco prime collaboration assurance 10.5.1 |