Lucene search
HistoryNov 04, 2015 - 3:59 a.m.
CVE-2015-7253
commvault
edge server
security
vulnerability
cve-2015-7253
nvd
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.8 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.0%
The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie.
Affected configurations
Node
commvaultedge_serverMatch10r2
| CPE | Name | Operator | Version |
|---|---|---|---|
| commvault:edge_server | commvault edge server | eq | 10 |
References
Related
cert
cert
Commvault Edge Server deserializes cookie data insecurely
2015-11-03 00:00:00
cvelist
cvelist
CVE-2015-7253
2015-11-04 02:00:00
prion
prion
Design/Logic Flaw
2015-11-04 03:59:00
nvd
nvd
CVE-2015-7253
2015-11-04 03:59:16
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.8 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.0%
Related for CVE-2015-7253