nvd-json-data-feeds/CVE-2015/CVE-2015-73xx/CVE-2015-7323.json

{
  "id": "CVE-2015-7323",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2015-10-05T15:59:01.860",
  "lastModified": "2024-11-21T02:36:35.410",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar."
    },
    {
      "lang": "es",
      "value": "El Secure Meeting (Pulse Collaboration) en Pulse Connect Secure (anteriormente Juniper Junos Pulse) en versiones anteriores a 7.1R22.1, 7.4, 8.0 en versiones anteriores a 8.0R11 y 8.1 en versiones anteriores a 8.1R3 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y conectarse a reuniones arbitrarias mediante aprovechamiento de un id de reuni\u00f3n y meetingAppSun.jar."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "baseScore": 3.5,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:juniper:pulse_connect_secure:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B1967B-76D9-4E46-8E98-594684B53CC7"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:juniper:pulse_connect_secure:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C209D3C-C716-4A7F-9665-0C9C1DC2933F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:juniper:pulse_connect_secure:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBDB9656-C040-4434-B484-31C682C55149"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:juniper:pulse_connect_secure:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "274B576D-5D83-4028-9732-0A394CA89FC3"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://seclists.org/fulldisclosure/2015/Sep/98",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1033684",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40054",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://packetstormsecurity.com/files/133711/Junos-Pulse-Secure-Meeting-8.0.5-Access-Bypass.html",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ]
    },
    {
      "url": "https://profundis-labs.com/advisories/CVE-2015-7323.txt",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ]
    },
    {
      "url": "http://seclists.org/fulldisclosure/2015/Sep/98",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1033684",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40054",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://packetstormsecurity.com/files/133711/Junos-Pulse-Secure-Meeting-8.0.5-Access-Bypass.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ]
    },
    {
      "url": "https://profundis-labs.com/advisories/CVE-2015-7323.txt",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ]
    }
  ]
}