CVE-2015-4683

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
polycomrealpresence_resource_manager
𝑥
≤ 8.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
http://seclists.org/fulldisclosure/2015/Jun/81
http://www.securityfocus.com/archive/1/535852/100/0/threaded
http://www.securityfocus.com/bid/75432
https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf
https://www.exploit-db.com/exploits/37449/
http://packetstormsecurity.com/files/132463/Polycom-RealPresence-Resource-Manager-RPRM-Disclosure-Traversal.html
http://seclists.org/fulldisclosure/2015/Jun/81
http://www.securityfocus.com/archive/1/535852/100/0/threaded
http://www.securityfocus.com/bid/75432
https://support.polycom.com/global/documents/support/documentation/Security_Center_Post_for_RPRM_CVEs.pdf
https://www.exploit-db.com/exploits/37449/