Lucene search

[email protected]CVE-2015-2828

HistoryApr 08, 2015 - 1:59 a.m.

CVE-2015-2828

2015-04-0801:59:04

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-2828

ca spectrum

nvd

information security

remote code execution

java serialization

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.1%

JSON

CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data.

Affected configurations

NVD

Node

broadcomspectrumMatch9.2

broadcomspectrumMatch9.3

CPENameOperatorVersion
broadcom:spectrumbroadcom spectrumeq9.2
broadcom:spectrumbroadcom spectrumeq9.3

CPE	Name	Operator	Version
broadcom:spectrum	broadcom spectrum	eq	9.2
broadcom:spectrum	broadcom spectrum	eq	9.3

References

packetstormsecurity.com/files/131330/Security-Notice-For-CA-Spectrum.html

www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20150407-01-security-notice-for-ca-spectrum.aspx

www.securityfocus.com/archive/1/535205/100/0/threaded

www.securityfocus.com/bid/73957

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.1%

JSON

Related for CVE-2015-2828

nvd1 prion1 cvelist1 securityvulns2 kaspersky1