CVE-2015-6417 Information

Description

Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access which allows remote authenticated users to read or write to database entries via (1) the GUI or (2) a crafted HTTP request aka Bug ID CSCuv87025.

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-vdssm http://www.securityfocus.com/bid/78871