cpe:/a:cisco:mediator_framework:1.5.1 cpe:/a:cisco:mediator_framework:2.2 cpe:/a:cisco:mediator_framework:3.0.8 CVE-2010-0599 2010-05-27T15:30:01.563-04:00 2010-06-13T15:16:49.187-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-05-28T10:16:00.000-04:00 SECTRACK 1024027 CISCO 20100526 Multiple Vulnerabilities in Cisco Network Building Mediator SECUNIA 39904 CERT-VN VU#757804 MISC http://www.us-cert.gov/control_systems/pdf/ICSA-10-147-01_Cisco_Network_Building_Mediator.pdf Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83505.