Lucene search

K

[email protected]NVD:CVE-2015-3269

HistoryAug 25, 2015 - 1:59 a.m.

CVE-2015-3269

2015-08-2501:59:00

CWE-200

[email protected]

web.nvd.nist.gov

1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

4 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.5%

Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

NVD

Node

hpbusiness_service_managementRange≤9.26

Node

adobelivecycle_data_servicesMatch3.0

OR

adobelivecycle_data_servicesMatch4.5

OR

adobelivecycle_data_servicesMatch4.6

OR

adobelivecycle_data_servicesMatch4.7

References

marc.info/?l=bugtraq&m=145706712500978&w=2

www.securityfocus.com/archive/1/536266/100/0/threaded

www.securityfocus.com/bid/76394

www.securitytracker.com/id/1033337

www.vmware.com/security/advisories/VMSA-2015-0008.html

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202

helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html

helpx.adobe.com/security/products/livecycleds/apsb15-20.html

www.zerodayinitiative.com/advisories/ZDI-22-508/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

4 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.5%

Related for NVD:CVE-2015-3269

zdt1 cve1 nessus4 threatpost3 zdi1 securityvulns2 adobe1 myhack582 prion1 cvelist1 cert2 vmware2 seebug1