Lucene search
K
SkyboxsecuritySkybox Platform

5 matches found

CVE
CVE
added 2018/01/12 10:0 p.m.43 views

CVE-2015-9247

Skybox Platform prior to 7.5.401 contains a reflected cross-site scripting (XSS) vulnerability in /skyboxview/webservice/services/VersionRepositoryWebService via the soapenv:Body element, or in the status parameter to login.html. The issue is caused by insufficient input sanitization on these par...

5.4CVSS5.4AI score0.00513EPSS
Web
CVE
CVE
added 2018/01/12 10:0 p.m.42 views

CVE-2015-9246

CVE-2015-9246 affects Skybox Platform; remote unauthenticated code execution via a WAR containing a JSP is possible. The WAR is delivered to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP executes at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost. Af...

10CVSS9.3AI score0.02906EPSS
CVE
CVE
added 2018/01/12 10:0 p.m.38 views

CVE-2015-9249

CVE-2015-9249 concerns Skybox Platform. Several connected sources confirm an SQL injection vulnerability in /skyboxview/webservice/services/VersionWebService reachable via soapenv:Body. The CVE record states the issue exists in Skybox Platform before 7.5.201; CNVD notes versions prior to 7.5.401....

9.8CVSS9.7AI score0.01097EPSS
Web
CVE
CVE
added 2018/01/12 10:0 p.m.38 views

CVE-2015-9250

CVE-2015-9250 affects Skybox Platform prior to versions 7.5.201 (NVD entry) and 7.5.401 (CNVD entry). A directory traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter, enabling retrieval of arbitrary files (as stated by...

7.5CVSS7.5AI score0.01716EPSS
Web
CVE
CVE
added 2018/01/12 10:0 p.m.34 views

CVE-2015-9248

Skybox Platform is affected by a stored cross-site scripting (XSS) in Change Manager. Multiple sources report this vulnerability in the web path /skyboxview/webskybox/tickets, with Skybox Platform versions prior to 7.5.201 (NVD) and prior to 7.5.401 (CNVD) being vulnerable. The issue concerns the...

5.4CVSS5.4AI score0.00513EPSS
Web