Lack of Role-Based Access Control (RBAC) in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier
CVE-2015-6417 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025.
Learn more about our User Device Pen Test.