CVE-2015-2475

2015-08-1500:59:34

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-2475

cross-site scripting

xss

uddi services

microsoft

elevation of privilege

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.092 Low

EPSS

Percentile

94.7%

JSON

Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka “UDDI Services Elevation of Privilege Vulnerability.”

Affected configurations

NVD

Node

microsoftbiztalk_serverMatch2010

microsoftbiztalk_serverMatch2013

microsoftbiztalk_serverMatch2013r2

microsoftwindows_server_2008sp2

CPENameOperatorVersion
microsoft:biztalk_servermicrosoft biztalk servereq2010
microsoft:biztalk_servermicrosoft biztalk servereq2013
microsoft:windows_server_2008microsoft windows server 2008eq*

CPE	Name	Operator	Version
microsoft:biztalk_server	microsoft biztalk server	eq	2010
microsoft:biztalk_server	microsoft biztalk server	eq	2013
microsoft:windows_server_2008	microsoft windows server 2008	eq	*