Lucene search

[email protected]NVD:CVE-2015-8570

HistoryDec 15, 2015 - 9:59 p.m.

CVE-2015-8570

2015-12-1521:59:11

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

7.4

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.141

Percentile

95.7%

JSON

The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request.

Affected configurations

Nvd

Node

lepideactive_directory_self_serviceMatch-

VendorProductVersionCPE
lepideactive_directory_self_service-cpe:2.3:a:lepide:active_directory_self_service:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lepide	active_directory_self_service	-	cpe:2.3:a:lepide:active_directory_self_service:-:::::::*

References

www.securityfocus.com/bid/78729

www.zerodayinitiative.com/advisories/ZDI-15-621

CVSS2

7.4

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.141

Percentile

95.7%

JSON

Related for NVD:CVE-2015-8570

zdi1 prion1 cvelist1 cve1