An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-01-12T22:00:00
Updated: 2024-08-06T08:43:42.265Z
Reserved: 2018-01-12T00:00:00
Link: CVE-2015-9246
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-01-12T22:29:00.217
Modified: 2024-11-21T02:40:08.380
Link: CVE-2015-9246
Redhat
No data.