Lucene search

K
cve[email protected]CVE-2015-7299
HistoryOct 21, 2015 - 6:59 p.m.

CVE-2015-7299

2015-10-2118:59:05
CWE-89
web.nvd.nist.gov
29
cve-2015-7299
sql injection
k2 blackpearl
smartforms
k2 for sharepoint

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.5%

SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter.

Affected configurations

NVD
Node
nintexk2_blackpearlMatch4.6.7
OR
nintexk2_for_sharepointMatch4.6.7
OR
nintexk2_smartformsMatch4.6.7

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.5%