9.4
CVE-2015-6259
- EPSS 1.06%
- Published 04.09.2015 01:59:02
- Last modified 12.04.2025 10:46:40
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Integrated Management Controller Supervisor Version <= 1.0.0.0
Cisco ≫ Unified Computing System Director Version <= 5.2.0.0
Cisco ≫ Unified Computing System Director Version3.4_base
Cisco ≫ Unified Computing System Director Version4.0_base
Cisco ≫ Unified Computing System Director Version4.1_base
Cisco ≫ Unified Computing System Director Version5.0.0.0
Cisco ≫ Unified Computing System Director Version5.0.0.1
Cisco ≫ Unified Computing System Director Version5.0.0.2
Cisco ≫ Unified Computing System Director Version5.0.0.3
Cisco ≫ Unified Computing System Director Version5.1.0.0
Cisco ≫ Unified Computing System Director Version5.1.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.06% | 0.767 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.4 | 10 | 9.2 |
AV:N/AC:L/Au:N/C:N/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.