CVE-2015-7913

ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://zerodayinitiative.com/advisories/ZDI-15-572/
https://ics-cert.us-cert.gov/advisories/ICSA-15-323-01	Patch US Government Resource
http://zerodayinitiative.com/advisories/ZDI-15-572/
https://ics-cert.us-cert.gov/advisories/ICSA-15-323-01	Patch US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:tibbo:aggregate:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:37

Type	Values Removed	Values Added
References	~~() http://zerodayinitiative.com/advisories/ZDI-15-572/ -~~	() http://zerodayinitiative.com/advisories/ZDI-15-572/ -
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-15-323-01 - Patch, US Government Resource~~	() https://ics-cert.us-cert.gov/advisories/ICSA-15-323-01 - Patch, US Government Resource

Information

Published : 2015-11-21 11:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-7913

Mitre link : CVE-2015-7913

CVE.ORG link : CVE-2015-7913

JSON object : View

Products Affected

tibbo

aggregate

CWE

NVD-CWE-Other

{"id": "CVE-2015-7913", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-11-21T11:59:25.923", "references": [{"url": "http://zerodayinitiative.com/advisories/ZDI-15-572/", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-323-01", "tags": ["Patch", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://zerodayinitiative.com/advisories/ZDI-15-572/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-323-01", "tags": ["Patch", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class."}, {"lang": "es", "value": "ag_server_service.exe en el AggreGate Server Service en Tibbo AggreGate en versiones anteriores a 5.30.06 permite a usuarios locales ejecutar c\u00f3digo Java arbitrario con privilegios SYSTEM mediante el uso del m\u00e9todo de despliegue Apache Axis AdminService para publicar una clase."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibbo:aggregate:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD2918B5-42D4-4E7A-B2E8-E35A0415F51B", "versionEndIncluding": "5.21.02"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/434.html\">CWE-434: Unrestricted Upload of File with Dangerous Type</a>", "sourceIdentifier": "ics-cert@hq.dhs.gov"}