CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2015-1498

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0750%
EPSS Percentile44.31th
Published2015年2月16日
Last Modified2026年5月6日

Vulnerability Description

Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact.

Affected Platforms (CPE)

📦
Persistent Systems

Radia Client Automation

All versions

References & Advisories

🔗 http://www.zerodayinitiative.com/advisories/ZDI-15-039/
🔗 https://radiasupport.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-features
🔗 http://www.zerodayinitiative.com/advisories/ZDI-15-039/
🔗 https://radiasupport.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-features

相關漏洞威脅

CVE-2015-786010.0

Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibl...

CVE-2011-088910.0

Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA or Radia Notify) 5.11, 7.2, 7.5, 7.8, and 7.9 allows remote...

CVE-2015-149710.0

radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitra...

CVE-2015-786110.0

Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to exe...