CVE-2015-5421
Published 2015-08-24
Priority P353 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 10.66% (95.2th percentile)
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | keyview | >= 10.23.0.0 < 10.23.0.1 | 10.23.0.1 |
| hp | keyview | >= 10.24.0.0 < 10.24.0.1 | 10.24.0.1 |
CVSS provenance
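| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| ghsa | | 9.6 | CRITICAL | |
| vendor_redhat | | 9.6 | CRITICAL | |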
GHSA
GHSA-cg4v-wffc-pfj3: Unspecified vulnerability in HP KeyView before 10
ghsa_unreviewed·2022-05-14
CVE-2015-5421 [HIGH] GHSA-cg4v-wffc-pfj3: Unspecified vulnerability in HP KeyView before 10
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881.
GHSA
Improper Input Validation in Spring Framework
ghsa·2021-04-30·CVSS 9.6
CVE-2020-5421 [CRITICAL] CWE-35 Improper Input Validation in Spring Framework
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
Red Hat
springframework: RFD protection bypass via jsessionid
vendor_redhat·2020-09-17·CVSS 9.6
CVE-2020-5421 [CRITICAL] springframework: RFD protection bypass via jsessionid
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
In Spring Framework, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
Statement: This issue does not affect the version of SpringFramework (embedded in rhvm-dependencies) shipped with Red Hat Virtualization, as it does not provide support for spring-web.
In Red Hat Gluster Storage 3, SpringFramework (embedded in rhvm-dependencies) was shipped as a part of Red Hat Glus
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/76457
http://www.securitytracker.com/id/1033362
http://www.zerodayinitiative.com/advisories/ZDI-15-400
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027
2015-08-24
Published