exploitDog

CVE-2015-5071

Опубликовано: 15 янв. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet.

Ссылки

https://communities.bmc.com/docs/DOC-77816
Third Party Advisory
https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html
Third Party Advisory
VDB Entry
https://communities.bmc.com/docs/DOC-77816
Third Party Advisory
https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bmc:remedy_ar_system_server:8.0:*:*:*:*:*:*:*

cpe:2.3:a:bmc:remedy_ar_system_server:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00366

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-r4gx-rgv3-256p

github

больше 3 лет назад

AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet.

EPSS

Процентиль: 58%

0.00366

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-269