CVE-2015-6417

Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request, aka Bug ID CSCuv87025.

Date published : 2015-12-12

http://www.securityfocus.com/bid/78871

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-vdssm