Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2015-02-16T15:00:00
Updated: 2024-08-06T04:47:16.223Z
Reserved: 2015-02-05T00:00:00
Link: CVE-2015-1498
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2015-02-16T15:59:11.590
Modified: 2016-05-18T22:36:31.527
Link: CVE-2015-1498
Redhat
No data.