Lucene search

K

[email protected]NVD:CVE-2015-3269

HistoryAug 25, 2015 - 1:59 a.m.

CVE-2015-3269

2015-08-2501:59:00

CWE-200

[email protected]

web.nvd.nist.gov

1

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

4

Confidence

High

EPSS

0.009

Percentile

82.5%

Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

NVD

Node

hpbusiness_service_managementRange≤9.26

Node

adobelivecycle_data_servicesMatch3.0

OR

adobelivecycle_data_servicesMatch4.5

OR

adobelivecycle_data_servicesMatch4.6

OR

adobelivecycle_data_servicesMatch4.7

References

marc.info/?l=bugtraq&m=145706712500978&w=2

www.securityfocus.com/archive/1/536266/100/0/threaded

www.securityfocus.com/bid/76394

www.securitytracker.com/id/1033337

www.vmware.com/security/advisories/VMSA-2015-0008.html

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202

helpx.adobe.com/content/help/en/security/products/coldfusion/apsb15-21.html

helpx.adobe.com/security/products/livecycleds/apsb15-20.html

www.zerodayinitiative.com/advisories/ZDI-22-508/

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

4

Confidence

High

EPSS

0.009

Percentile

82.5%

Related for NVD:CVE-2015-3269

zdt1 cve1 nessus4 securityvulns2 threatpost3 zdi1 adobe1 prion1 cvelist1 myhack582 cert2 vmware2 seebug1