4.3
CVE-2015-5255
- EPSS 2.9%
- Published 18.11.2015 21:59:00
- Last modified 12.04.2025 10:46:40
- Source secalert@redhat.com
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.
Data is provided by the National Vulnerability Database (NVD)
Hp ≫ Xp P9000 Command View Advanced Edition Version -
Hp ≫ Xp7 Command View Advanced Edition Version -
Adobe ≫ Coldfusion Update update17 Version <= 10.0
Adobe ≫ Coldfusion Update update6 Version <= 11.0
Adobe ≫ Livecycle Data Services Version 3.0
Adobe ≫ Livecycle Data Services Version 4.5
Adobe ≫ Livecycle Data Services Version 4.6
Adobe ≫ Livecycle Data Services Version 4.7
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 2.9% | 0.858 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.