Lucene search

[email protected]CVE-2015-4988

HistoryJan 18, 2016 - 5:59 a.m.

CVE-2015-4988

2016-01-1805:59:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2015-4988

directory traversal

ibm tealeaf customer experience

security vulnerability

information security

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

8.7 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.003 Low

EPSS

Percentile

70.7%

JSON

Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors.

CPENameOperatorVersion
ibm:tealeaf_customer_experienceibm tealeaf customer experienceeq9.0.1a
ibm:tealeaf_customer_experienceibm tealeaf customer experienceeq9.0.2
ibm:tealeaf_customer_experienceibm tealeaf customer experienceeq9.0.0
ibm:tealeaf_customer_experienceibm tealeaf customer experienceeq9.0.0a
ibm:tealeaf_customer_experienceibm tealeaf customer experiencele8.6
ibm:tealeaf_customer_experienceibm tealeaf customer experienceeq8.7
ibm:tealeaf_customer_experienceibm tealeaf customer experienceeq9.0.1
ibm:tealeaf_customer_experienceibm tealeaf customer experienceeq9.0.2a
ibm:tealeaf_customer_experienceibm tealeaf customer experienceeq8.8

CPE	Name	Operator	Version
ibm:tealeaf_customer_experience	ibm tealeaf customer experience	eq	9.0.1a
ibm:tealeaf_customer_experience	ibm tealeaf customer experience	eq	9.0.2
ibm:tealeaf_customer_experience	ibm tealeaf customer experience	eq	9.0.0
ibm:tealeaf_customer_experience	ibm tealeaf customer experience	eq	9.0.0a
ibm:tealeaf_customer_experience	ibm tealeaf customer experience	le	8.6
ibm:tealeaf_customer_experience	ibm tealeaf customer experience	eq	8.7
ibm:tealeaf_customer_experience	ibm tealeaf customer experience	eq	9.0.1
ibm:tealeaf_customer_experience	ibm tealeaf customer experience	eq	9.0.2a
ibm:tealeaf_customer_experience	ibm tealeaf customer experience	eq	8.8

References

www-01.ibm.com/support/docview.wss?uid=swg21968868

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

8.7 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.003 Low

EPSS

Percentile

70.7%

JSON

Related for CVE-2015-4988

ibm2 prion1 cvelist1