Lucene search

[email protected]CVE-2015-2990

HistorySep 05, 2015 - 2:59 a.m.

CVE-2015-2990

2015-09-0502:59:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2015

2990

directory traversal

zhtml.cgi

neojapan desknet neo

vulnerability

remote authentication

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.4%

JSON

Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter.

Affected configurations

NVD

Node

neojapandesknet_neoRange≤2.5r1.4

CPENameOperatorVersion
neojapan:desknet_neoneojapan desknet neole2.5

CPE	Name	Operator	Version
neojapan:desknet_neo	neojapan desknet neo	le	2.5

References

jvn.jp/en/jp/JVN09283606/index.html

jvndb.jvn.jp/jvndb/JVNDB-2015-000122

www.desknets.com/neo/support/mainte/2590/

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.4%

JSON

Related for CVE-2015-2990

cvelist1 jvn1 nvd1 prion1