9.4
CVE-2015-6259
- EPSS 1.06%
- Veröffentlicht 04.09.2015 01:59:02
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Integrated Management Controller Supervisor Version <= 1.0.0.0
Cisco ≫ Unified Computing System Director Version <= 5.2.0.0
Cisco ≫ Unified Computing System Director Version3.4_base
Cisco ≫ Unified Computing System Director Version4.0_base
Cisco ≫ Unified Computing System Director Version4.1_base
Cisco ≫ Unified Computing System Director Version5.0.0.0
Cisco ≫ Unified Computing System Director Version5.0.0.1
Cisco ≫ Unified Computing System Director Version5.0.0.2
Cisco ≫ Unified Computing System Director Version5.0.0.3
Cisco ≫ Unified Computing System Director Version5.1.0.0
Cisco ≫ Unified Computing System Director Version5.1.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.06% | 0.767 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.4 | 10 | 9.2 |
AV:N/AC:L/Au:N/C:N/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.