HIGH🇵🇱 Wersja polska

CVE-2015-1498

CVSS 10.0v2.0pub. 2015-02-16upd. 2026-05-06

Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Persistent Systems Radia Client Automation

    APP
    Persistent Systems
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2015-1497HIGH10.0ten sam produkt

radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attacker...