{"id": "CVE-2015-4745", "bulletinFamily": "NVD", "title": "CVE-2015-4745", "description": "Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, and CVE-2015-2606.", "published": "2015-07-16T11:00:00", "modified": "2016-12-22T02:59:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4745", "reporter": "cve@mitre.org", "references": ["http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "http://www.zerodayinitiative.com/advisories/ZDI-15-357", "http://www.securityfocus.com/bid/75750"], "cvelist": ["CVE-2015-4745"], "type": "cve", "lastseen": "2019-05-29T18:14:42", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "de99d1b4b244934062e24eb716e7a07b"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "6dfe86b673312437b8fb6cabb806d65a"}, {"key": "cpe23", "hash": "96628ce372fd6e534011b10412503ae3"}, {"key": "cvelist", "hash": "100e4392e4a5d272986f18d406fa3103"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "27c7580c75f8189a2ddd31c96c2f7e2b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "d370d473ba1bd1721d669ef98e2aeebb"}, {"key": "description", "hash": "d9ffe5940ab2b69b504be8eff4f21007"}, {"key": "href", "hash": "69e333b81d2e66077118487d022eea10"}, {"key": "modified", "hash": "17ba0c0f6bf0ce21eef67ebb49bd02ee"}, {"key": "published", "hash": "f8471c5eb3d8444dabc2baa86020ca44"}, {"key": "references", "hash": "a1a3072dea17da0a5d80d08a779c11e1"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "8622a537655ab6135481de23b924326b"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "24832665fd4a2908934204497d746aba99066ccf420b7da7fb19fa6f57da2cd5", "viewCount": 0, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2019-05-29T18:14:42"}, "dependencies": {"references": [{"type": "zdi", "idList": ["ZDI-15-357"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2015-2367936"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14601"]}], "modified": "2019-05-29T18:14:42"}, "vulnersScore": 7.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:oracle:fusion_middleware:2.2.2", "cpe:/a:oracle:fusion_middleware:3.1", "cpe:/a:oracle:fusion_middleware:2.4", "cpe:/a:oracle:fusion_middleware:2.3", "cpe:/a:oracle:fusion_middleware:3.0"], "affectedSoftware": [{"name": "oracle fusion_middleware", "operator": "eq", "version": "2.3"}, {"name": "oracle fusion_middleware", "operator": "eq", "version": "3.0"}, {"name": "oracle fusion_middleware", "operator": "eq", "version": "2.4"}, {"name": "oracle fusion_middleware", "operator": "eq", "version": "3.1"}, {"name": "oracle fusion_middleware", "operator": "eq", "version": "2.2.2"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:oracle:fusion_middleware:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:fusion_middleware:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:fusion_middleware:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:fusion_middleware:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:fusion_middleware:2.4:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"]}

{"zdi": [{"lastseen": "2016-11-09T00:17:53", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known.\n\nThe specific flaw exists within the handling of file downloads. The issue lies in the failure to sanitize the path of files to be downloaded. A remote attacker can exploit this vulnerability to read server configuration files. This exfiltrated information can then be used to access the system with the privileges of the clover server.", "modified": "2015-11-09T00:00:00", "published": "2015-07-20T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-15-357", "id": "ZDI-15-357", "title": "Oracle Endeca Information Discovery Integrator ETL Server File Download Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "description": "Quarterly CPU fixed over 170 different vulnerabilities.", "modified": "2015-07-20T00:00:00", "published": "2015-07-20T00:00:00", "id": "SECURITYVULNS:VULN:14601", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14601", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2019-05-29T18:20:56", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 193 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\n** Please note that on May 15, 2015, Oracle released [Security Alert for CVE-2015-3456 (QEMU \"Venom\")](<http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-3456. **\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2016-07-07T00:00:00", "published": "2015-07-14T00:00:00", "id": "ORACLE:CPUJUL2015-2367936", "href": "", "title": "Oracle Critical Patch Update - July 2015", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}