Lucene search

[email protected]CVE-2015-2420

HistoryAug 15, 2015 - 12:59 a.m.

CVE-2015-2420

2015-08-1500:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-2420

cross-site scripting

xss

microsoft system center 2012

operations manager

nvd

5.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.9%

JSON

Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka “System Center Operations Manager Web Console XSS Vulnerability.”

CPENameOperatorVersion
microsoft:system_center_operations_managermicrosoft system center operations managereq2012

CPE	Name	Operator	Version
microsoft:system_center_operations_manager	microsoft system center operations manager	eq	2012

References

www.securitytracker.com/id/1033245

docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-086

5.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.9%

JSON

Related for CVE-2015-2420

securityvulns1 nessus1 prion1 cvelist1 kaspersky1 symantec1 mskb1