CyberSec.Space Logo
Back to CVE Browser

CVE-2015-1498

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0750%
EPSS Percentile44.31th
PublishedFeb 16, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact.

Affected Platforms (CPE)

πŸ“¦
Persistent Systems

Radia Client Automation

All versions

References & Advisories

πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-15-039/
πŸ”— https://radiasupport.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-features
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-15-039/
πŸ”— https://radiasupport.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-features

Related Vulnerabilities

CVE-2015-786010.0

Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibl...

CVE-2011-088910.0

Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA or Radia Notify) 5.11, 7.2, 7.5, 7.8, and 7.9 allows remote...

CVE-2015-149710.0

radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitra...

CVE-2015-786110.0

Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to exe...