6.5
CVE-2015-7904
- EPSS 2.78%
- Veröffentlicht 28.10.2015 10:59:24
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginUnrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Infinite Automation Systems ≫ Mango Automation Version2.5.0
Infinite Automation Systems ≫ Mango Automation Version2.5.5
Infinite Automation Systems ≫ Mango Automation Version2.6.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.78% | 0.845 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02