Lucene search
CertccCVE-2015-0931HistoryFeb 14, 2015 - 3:01 a.m.
CVE-2015-0931
2015-02-1403:01:19
CWE-74
certcc
web.nvd.nist.gov
24
ektron cms
cve-2015-0931
code execution
xslt
security issue
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.9
Confidence
High
EPSS
0.004
Percentile
73.7%
Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a “resource injection” issue.
Affected configurations
Node
ektronektron_content_management_systemMatch8.5.0
ORektronektron_content_management_systemMatch8.7.0
ORektronektron_content_management_systemMatch8.7.0sp1
ORektronektron_content_management_systemMatch8.9.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ektron | ektron_content_management_system | 8.5.0 | cpe:2.3:a:ektron:ektron_content_management_system:8.5.0:*:*:*:*:*:*:* |
| ektron | ektron_content_management_system | 8.7.0 | cpe:2.3:a:ektron:ektron_content_management_system:8.7.0:*:*:*:*:*:*:* |
| ektron | ektron_content_management_system | 8.7.0 | cpe:2.3:a:ektron:ektron_content_management_system:8.7.0:sp1:*:*:*:*:*:* |
| ektron | ektron_content_management_system | 8.9.0 | cpe:2.3:a:ektron:ektron_content_management_system:8.9.0:*:*:*:*:*:*:* |
References
Related
nvd
nvd
CVE-2015-0931
2015-02-14 03:01:19
cvelist
cvelist
CVE-2015-0931
2015-02-14 02:00:00
prion
prion
Design/Logic Flaw
2015-02-14 03:01:00
cert
cert
Ektron Content Management System (CMS) contains multiple vulnerabilities
2015-02-05 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.9
Confidence
High
EPSS
0.004
Percentile
73.7%
Related for CVE-2015-0931