9.8

CVE-2015-5463

EPSS 0.96%
Veröffentlicht 03.04.2019 20:29:00
Zuletzt bearbeitet 21.11.2024 02:33:03
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Axiomsl ≫ Axiom Version <= 9.5.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.96%	0.745

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5463/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-5463

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-5463

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-5463

EUVD