nvd-json-data-feeds/CVE-2015/CVE-2015-79xx/CVE-2015-7913.json

{
  "id": "CVE-2015-7913",
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "published": "2015-11-21T11:59:25.923",
  "lastModified": "2015-11-23T15:36:25.857",
  "vulnStatus": "Analyzed",
  "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/434.html\">CWE-434: Unrestricted Upload of File with Dangerous Type</a>",
  "descriptions": [
    {
      "lang": "en",
      "value": "ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class."
    },
    {
      "lang": "es",
      "value": "ag_server_service.exe en el AggreGate Server Service en Tibbo AggreGate en versiones anteriores a 5.30.06 permite a usuarios locales ejecutar c\u00f3digo Java arbitrario con privilegios SYSTEM mediante el uso del m\u00e9todo de despliegue Apache Axis AdminService para publicar una clase."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:tibbo:aggregate:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "5.21.02",
              "matchCriteriaId": "CD2918B5-42D4-4E7A-B2E8-E35A0415F51B"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://zerodayinitiative.com/advisories/ZDI-15-572/",
      "source": "ics-cert@hq.dhs.gov"
    },
    {
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-323-01",
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Patch",
        "US Government Resource"
      ]
    }
  ]
}