exploitDog

CVE-2015-5463

Опубликовано: 03 апр. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application.

Ссылки

https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5463/
Third Party Advisory
https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5463/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:axiomsl:axiom:*:*:*:*:*:*:*:*

Версия до 9.5.3 (включая)

EPSS

Процентиль: 76%

0.00964

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-285

Связанные уязвимости

GHSA-4jqw-xwf7-vfv3

CVSS3: 9.8

github

больше 3 лет назад

AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application.

EPSS

Процентиль: 76%

0.00964

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-285