Vulnerability-Lookup

CNVD-2019-42882

Vulnerability from cnvd - Published: 2019-11-29

Title

AxiomSL Axiom java applet模块安全漏洞

Description

AxiomSL是一个金融机构，提供企业实力平台和相关的行业专业知识，从而解决关键的法规和风险要求。 AxiomSL Axiom java applet模块9.5.3及之前版本中存在安全漏洞。目前没有详细的漏洞细节提供。

Severity

高

Formal description

目前厂商暂未发布修复措施，建议使用此软件的用户随时关注厂商主页或参考网址： www.excellium-services.comhttp://www.axiomsl.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2015-5463

Impacted products

Name
AxiomSL Axiom Google Web Toolkit <=9.5.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5463",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5463"
    }
  },
  "description": "AxiomSL\u662f\u4e00\u4e2a\u91d1\u878d\u673a\u6784\uff0c\u63d0\u4f9b\u4f01\u4e1a\u5b9e\u529b\u5e73\u53f0\u548c\u76f8\u5173\u7684\u884c\u4e1a\u4e13\u4e1a\u77e5\u8bc6\uff0c\u4ece\u800c\u89e3\u51b3\u5173\u952e\u7684\u6cd5\u89c4\u548c\u98ce\u9669\u8981\u6c42\u3002\n\nAxiomSL Axiom java applet\u6a21\u57579.5.3\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\uff1a\r\nwww.excellium-services.comhttp://www.axiomsl.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-42882",
  "openTime": "2019-11-29",
  "products": {
    "product": "AxiomSL Axiom Google Web Toolkit \u003c=9.5.3"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2015-5463",
  "serverity": "\u9ad8",
  "submitTime": "2019-04-08",
  "title": "AxiomSL Axiom java applet\u6a21\u5757\u5b89\u5168\u6f0f\u6d1e"
}

CVE-2015-5463 (GCVE-0-2015-5463)

Vulnerability from cvelistv5 – Published: 2019-04-03 19:15 – Updated: 2024-08-06 06:50

Summary

AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://www.excellium-services.com/cert-xlm-advis…

x_refsource_MISC

Date Public ?

2015-07-30 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:50:02.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5463/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "AxiomSL\u0027s Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-03T19:15:59.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5463/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-5463",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "AxiomSL\u0027s Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5463/",
              "refsource": "MISC",
              "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2015-5463/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-5463",
    "datePublished": "2019-04-03T19:15:59.000Z",
    "dateReserved": "2015-07-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T06:50:02.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-42882

CVE-2015-5463 (GCVE-0-2015-5463)

Tags

Sightings

Nomenclature