CVE-2015-4684

Published: 19/09/2017 Updated: 09/10/2018
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 5.2 | Exploitability Score: 1.2
VMScore: 555
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Summary

Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) prior to 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.

Vulnerable Product

polycom realpresence resource manager

Exploits

By combining all vulnerabilities documented in this advisory, an unprivileged authenticated remote attacker can gain full system access (root) on the RPRM appliance. This has an impact on all conferences taking place via this RP Resource Manager. Attackers can steal all conference passcodes and join or record any conference. Versions prior to 8.4 ar ...
SEC Consult Vulnerability Lab Security Advisory < 20150626-0 >
title: Critical vulnerabilities allow surveillance on conferences
product: Polycom RealPresence Resource Manager (RPRM)
vulnerable versi ...