CVE-2015-6259

CRITICAL

9.4

CVSS Severity Score

EPSS Score0.0450%

EPSS Percentile11.12th

Published2015年9月4日

Last Modified2026年5月6日

Vulnerability Description

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.

Affected Platforms (CPE)

📦

Cisco

Integrated Management Controller Supervisor

<= 1.0.0.0

📦

Cisco

Unified Computing System Director

<= 5.2.0.0

📦

Cisco

Unified Computing System Director

= 3.4_base

📦

Cisco

Unified Computing System Director

= 4.0_base

📦

Cisco

Unified Computing System Director

= 4.1_base

📦

Cisco

Unified Computing System Director

= 5.0.0.0

📦

Cisco

Unified Computing System Director

= 5.0.0.1

📦

Cisco

Unified Computing System Director

= 5.0.0.2

📦

Cisco

Unified Computing System Director

= 5.0.0.3

📦

Cisco

Unified Computing System Director

= 5.1.0.0

📦

Cisco

Unified Computing System Director

= 5.1.0.1

References & Advisories

🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs

🔗 http://www.securitytracker.com/id/1033451

🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150902-cimcs

🔗 http://www.securitytracker.com/id/1033451

Vulnerability Description

Affected Platforms (CPE)

Integrated Management Controller Supervisor

Unified Computing System Director

Unified Computing System Director

Unified Computing System Director

Unified Computing System Director

Unified Computing System Director

Unified Computing System Director

Unified Computing System Director

Unified Computing System Director

Unified Computing System Director

Unified Computing System Director

References & Advisories

関連する脆弱性情報