CVE-2015-6459

{"id": "CVE-2015-6459", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-09-18T22:59:07.013", "references": [{"url": "http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet&type=9", "tags": ["Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://zerodayinitiative.com/advisories/ZDI-15-439/", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-03", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet&type=9", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://zerodayinitiative.com/advisories/ZDI-15-439/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-03", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname."}, {"lang": "es", "value": "Vulnerabilidad de salto de ruta absoluta en la funcionalidad de descarga en FileDownloadServlet en GE Digital Energy MDS PulseNET y MDS PulseNET Enterprise en versiones anteriores a 3.1.5, permite a atacantes remotos leer o eliminar archivos arbitrarios a trav\u00e9s de un nombre de ruta completo."}], "lastModified": "2024-11-21T02:35:00.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1538CC5-82FE-4847-A9E1-AA90E85D5057", "versionEndIncluding": "3.1.3"}, {"criteria": "cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "3A730B4B-9A48-4F92-8730-ECF75F8F5DE1", "versionEndIncluding": "3.1.3"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}