Lucene search
HistorySep 18, 2015 - 10:59 p.m.
CVE-2015-6459
cve-2015-6459
absolute path traversal
filedownloadservlet
ge digital energy
mds pulsenet
security vulnerability
nvd
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.8 Medium
AI Score
Confidence
Low
0.653 Medium
EPSS
Percentile
97.9%
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.
Affected configurations
Node
gemds_pulsenetRange≤3.1.3
ORgemds_pulsenetRange≤3.1.3enterprise
| CPE | Name | Operator | Version |
|---|---|---|---|
| ge:mds_pulsenet | ge mds pulsenet | le | 3.1.3 |
Related
cvelist
cvelist
CVE-2015-6459
2015-09-18 22:00:00
prion
prion
Path traversal
2015-09-18 22:59:00
nvd
nvd
CVE-2015-6459
2015-09-18 22:59:07
zdi
zdi
checkpoint_advisories
checkpoint_advisories
ics
ics
GE MDS PulseNET Vulnerabilities
2018-08-27 12:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.8 Medium
AI Score
Confidence
Low
0.653 Medium
EPSS
Percentile
97.9%
Related for CVE-2015-6459