nvd-json-data-feeds/CVE-2015/CVE-2015-50xx/CVE-2015-5072.json

{
  "id": "CVE-2015-5072",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-01-15T18:15:11.683",
  "lastModified": "2020-01-24T18:27:36.710",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to \"navigate\" to arbitrary local files via the __imageid parameter."
    },
    {
      "lang": "es",
      "value": "El servlet BIRT Engine en el componente AR System Mid Tier versi\u00f3n anterior a 9.0 SP1, para BMC Remedy AR System Server, permite a usuarios autenticados remotos \"navegar\" en archivos locales arbitrarios por medio del par\u00e1metro __imageid."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:bmc:remedy_ar_system_server:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28404DF-DD7C-4966-89AE-9D7F4F79E135"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:bmc:remedy_ar_system_server:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61D14B03-F753-4D64-A04A-80730EC600B8"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://communities.bmc.com/docs/DOC-77816",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    }
  ]
}