CVE-2015-0795

Multiple stack-based buffer overflows in the SafeShellExecute method in the NetIQExecObject.NetIQExec.1 ActiveX control in NetIQExec.dll in NetIQ Security Solutions for iSeries 8.1 allow remote attackers to execute arbitrary code via long arguments, aka ZDI-CAN-2699.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.zerodayinitiative.com/advisories/ZDI-15-340/
https://www.netiq.com/support/kb/doc.php?id=7016656
http://www.zerodayinitiative.com/advisories/ZDI-15-340/
https://www.netiq.com/support/kb/doc.php?id=7016656

Configurations

Configuration 1 (hide)

cpe:2.3:a:microfocus:security_solutions_for_iseries:8.1:*:*:*:*:*:*:*

History

21 Nov 2024, 02:23

Type	Values Removed	Values Added
References	~~() http://www.zerodayinitiative.com/advisories/ZDI-15-340/ -~~	() http://www.zerodayinitiative.com/advisories/ZDI-15-340/ -
References	~~() https://www.netiq.com/support/kb/doc.php?id=7016656 -~~	() https://www.netiq.com/support/kb/doc.php?id=7016656 -

Information

Published : 2015-07-18 10:59

Updated : 2024-11-21 02:23

NVD link : CVE-2015-0795

Mitre link : CVE-2015-0795

CVE.ORG link : CVE-2015-0795

JSON object : View

Products Affected

microfocus

security_solutions_for_iseries

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2015-0795", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-07-18T10:59:00.087", "references": [{"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-340/", "source": "security@opentext.com"}, {"url": "https://www.netiq.com/support/kb/doc.php?id=7016656", "source": "security@opentext.com"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-340/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.netiq.com/support/kb/doc.php?id=7016656", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the SafeShellExecute method in the NetIQExecObject.NetIQExec.1 ActiveX control in NetIQExec.dll in NetIQ Security Solutions for iSeries 8.1 allow remote attackers to execute arbitrary code via long arguments, aka ZDI-CAN-2699."}, {"lang": "es", "value": "M\u00faltiple desbordamiento de pila del buffer en el m\u00e9todo SafeShellExecute en NestlQ Security Solutions para iSeries 8.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de largos argumentos, tambi\u00e9n conocidos como ZDI-CAN-2699."}], "lastModified": "2024-11-21T02:23:43.437", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:security_solutions_for_iseries:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D548DC2-D747-42D8-AEAC-00336E0CA95D"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}

6.8 /10