CVE-2015-3125

2015-07-0916:59:00

CWE-284

[email protected]

web.nvd.nist.gov

cve-2015-3125

adobe flash player

adobe air

same origin policy

remote attackers

6.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.046 Low

EPSS

Percentile

92.5%

JSON

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, and CVE-2015-5116.

CPENameOperatorVersion
adobe:flash_playeradobe flash playerle11.2.202.468
adobe:airadobe airle18.0.0.144
adobe:air_sdkadobe air sdkle18.0.0.144
adobe:air_sdk_\&_compileradobe air sdk \& compilerle18.0.0.144
adobe:flash_playeradobe flash playerle13.0.0.289
adobe:flash_playeradobe flash playereq14.0.0.125
adobe:flash_playeradobe flash playereq14.0.0.145
adobe:flash_playeradobe flash playereq14.0.0.176
adobe:flash_playeradobe flash playereq14.0.0.179
adobe:flash_playeradobe flash playereq15.0.0.152

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	le	11.2.202.468
adobe:air	adobe air	le	18.0.0.144
adobe:air_sdk	adobe air sdk	le	18.0.0.144
adobe:air_sdk_\&_compiler	adobe air sdk \& compiler	le	18.0.0.144
adobe:flash_player	adobe flash player	le	13.0.0.289
adobe:flash_player	adobe flash player	eq	14.0.0.125
adobe:flash_player	adobe flash player	eq	14.0.0.145
adobe:flash_player	adobe flash player	eq	14.0.0.176
adobe:flash_player	adobe flash player	eq	14.0.0.179
adobe:flash_player	adobe flash player	eq	15.0.0.152