9.8
CVE-2015-6538
- EPSS 1.88%
- Veröffentlicht 27.12.2015 19:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ephiphanyheathdata ≫ Cardio Server Version3.3
Ephiphanyheathdata ≫ Cardio Server Version4.0
Ephiphanyheathdata ≫ Cardio Server Version4.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.88% | 0.767 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://www.epiphanyhealthdata.com/blog/certresponse
https://www.kb.cert.org/vuls/id/630239