3 matches found
CVE-2015-2166
Ericsson Drutt Mobile Service Delivery Platform (MSDP) has a Local File Inclusion vulnerability in the Instance Monitor affecting versions 4–6. The flaw lets remote attackers read arbitrary files via a dot-dot-encoded slash (..%2f) in the default URI, enabling information disclosure. Root cause i...
CVE-2015-2167
Summary: CVE-2015-2167 is an open redirect vulnerability in Ericsson Drutt MSDP 3PI Manager (versions 4, 5, and 6). The issue arises from inadequate filtering of the url parameter in jsp/start-3pi-manager.jsp, enabling remote attackers to redirect users to arbitrary sites and potentially facilita...
CVE-2015-2165
CVE-2015-2165 covers multiple stored/reflected XSS flaws in Ericsson Drutt MSDP Report Viewer (versions 4.x–6.x). The vulnerabilities allow remote attackers to inject arbitrary script/HTML via a large set of parameters across various JSP pages (top-links.jsp, page-summary.jsp, service-summary.jsp...