Lucene search

K
cve[email protected]CVE-2015-7820
HistoryNov 12, 2015 - 3:59 a.m.

CVE-2015-7820

2015-11-1203:59:00
CWE-362
web.nvd.nist.gov
21
cve-2015-7820
ibm
lenovo
snsc
switch center
race condition
administration panel
web service
privileged account access
directory traversal
arbitrary files
port 40080
port 40443
nvd

6.6 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.272 Low

EPSS

Percentile

96.7%

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.

6.6 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.272 Low

EPSS

Percentile

96.7%

Related for CVE-2015-7820