Lucene search

[email protected]NVD:CVE-2015-6459

HistorySep 18, 2015 - 10:59 p.m.

CVE-2015-6459

2015-09-1822:59:07

CWE-22

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.613 Medium

EPSS

Percentile

97.8%

JSON

Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.

Affected configurations

NVD

Node

gemds_pulsenetRange≤3.1.3

gemds_pulsenetRange≤3.1.3enterprise

References

www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet&type=9

zerodayinitiative.com/advisories/ZDI-15-439/

ics-cert.us-cert.gov/advisories/ICSA-15-258-03

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.613 Medium

EPSS

Percentile

97.8%

JSON

Related for NVD:CVE-2015-6459

cve1 prion1 cvelist1 zdi1 checkpoint_advisories1 ics1