Back to overview

CVE-2026-15474

MEDIUM
4.3
CVSS 3.1
Description
A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unknown function of the file /callrec/audio.jsp of the component Call Recording Handler. The manipulation of the argument callId results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Metadata

CVE ID
CVE-2026-15474
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-11 09:33 UTC
Published
2026-07-12 02:00 UTC
Last updated
2026-07-12 02:00 UTC
Primary CWE
CWE-285
Improper Authorization
Vendor / Product
Eleveo / Call Recording Software
Sources
cve.org  ·  NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
Affected products (1)
VendorProductPlatformVersions
Eleveo Call Recording Software 9.7.0
Weakness (CWE)
CWESourceDescription
CWE-266 cna Incorrect Privilege Assignment
CWE-285 cna Improper Authorization
CVSS scores (4)
ScoreSeverityVersionSourceVector
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
4.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
4.3 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
4.0 N/D 2.0 cna AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR
References (5)
Back to overview