exploitDog

CVE-2015-5072

Опубликовано: 15 янв. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter.

Ссылки

https://communities.bmc.com/docs/DOC-77816
Vendor Advisory
https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html
Third Party Advisory
VDB Entry
https://communities.bmc.com/docs/DOC-77816
Vendor Advisory
https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bmc:remedy_ar_system_server:8.0:*:*:*:*:*:*:*

cpe:2.3:a:bmc:remedy_ar_system_server:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00186

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-4734-vmhw-wwwj

github

больше 3 лет назад

The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter.

EPSS

Процентиль: 40%

0.00186

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-269