7.5
CVE-2015-2977
- EPSS 2.29%
- Veröffentlicht 29.07.2015 14:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginWebservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Webservice-dic ≫ Yoyaku Version41
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.29% | 0.809 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://jvn.jp/en/jp/JVN46674982/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000107