Metric | Value |
---|---|
CVSS2 | 5 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
EPSS | 0.002 Low |
EPSS Percentile | 59.1% |
The Blue Coat Malware Analysis appliance is vulnerable to cross-site scripting (XSS) and information disclosure.
The Blue Coat Malware Analysis appliance is a sandboxed appliance that scans for threats in files and downloads on the network.
A cross-site scripting vulnerability exists in search.php of the appliance. This vulnerability has been assigned CVE-2015-0937.
An information disclosure vulnerability exists in search.php of the appliance. By using a specialized URL parameter, a user can search for and obtain a list of documents matching certain keywords, even if those documents are private. This vulnerability has been assigned CVE-2015-0938.
These vulnerabilities have been observed in version 4.2.3.20150129-RELEASE; other releases may also be affected. For more information, please see Blue Coat’s security advisory SA94…
The CVSS score below is based on CVE-2015-0937.
The cross-site scripting vulnerability may allow compromise of user credentials. The information disclosure vulnerability may allow private file data to be obtained by unauthorized users.
Update software
Blue Coat has addressed these vulnerabilities in version 4.2.4.20150312-RELEASE. Affected users are advised to upgrade as soon as possible.
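To check an appliance inventory against the fixed release named above, the following added example (not code from Blue Coat or CERT/CC) parses the version strings and flags anything older than 4.2.4.20150312-RELEASE. It assumes the version format is four dot-separated integers plus a tag, as in the two strings on this page, and that every earlier release needs the upgrade; the hostnames and the other sample versions are constructed.

```python
import re

# Releases named in the advisory text above.
OBSERVED_VULNERABLE = "4.2.3.20150129-RELEASE"
FIXED_RELEASE = "4.2.4.20150312-RELEASE"

# Assumed format: major.minor.patch.builddate followed by a "-TAG" suffix,
# inferred from the two version strings on the page.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d{8})-([A-Za-z0-9]+)$")


def parse_version(text):
    """Return (major, minor, patch, builddate), or None if malformed."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        return None
    return tuple(int(part) for part in m.groups()[:4])


def classify(version_text):
    """Classify one reported version against the fixed release.

    'fixed'   -> at or above the fixed release
    'upgrade' -> below the fixed release (assumption: all earlier releases
                 are treated as affected, since the advisory says other
                 releases may also be affected)
    'unknown' -> string did not parse; needs manual review
    """
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"
    return "fixed" if parsed >= parse_version(FIXED_RELEASE) else "upgrade"


def triage(inventory):
    """Map hostname -> status for a {hostname: version string} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory; hostnames and non-advisory versions are made up.
SAMPLE_INVENTORY = {
    "maa-01.example.internal": "4.2.3.20150129-RELEASE",
    "maa-02.example.internal": "4.2.4.20150312-RELEASE",
    "maa-03.example.internal": "4.1.1.20140801-RELEASE",
    "maa-04.example.internal": "4.2.x-unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Entries reported as `unknown` are deliberately not treated as fixed, so a malformed or truncated version string still gets manual review.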
274244
Notified: February 02, 2015 Updated: April 07, 2015
Statement Date: February 13, 2015
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 5.8 | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Temporal | 5.2 | E:POC/RL:U/RC:C |
Environmental | 3.9 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
<https://bto.bluecoat.com/security-advisory/sa94>
This document was written by Garret Wassermann.
CVE IDs: | CVE-2015-0937, CVE-2015-0938 |
---|---|
Date Public: | 2015-04-14 Date First Published: |