Lucene search

[email protected]NVD:CVE-2015-1818

HistoryAug 11, 2015 - 2:59 p.m.

CVE-2015-1818

2015-08-1114:59:00

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.1%

JSON

XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other unspecified impact via a crafted XML document.

Affected configurations

NVD

Node

redhatjboss_bpm_suiteRange≤6.1.0

References

rhn.redhat.com/errata/RHSA-2015-1539.html

rhn.redhat.com/errata/RHSA-2015-1704.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.1%

JSON

Related for NVD:CVE-2015-1818

prion1 cvelist1 cve1 redhat2