Vulnerability Details CVE-2015-2858
Datalex airline booking software before 2015-09-03 allows remote attackers to read or write to arbitrary user data via a modified profileId parameter to (1) ValidateFormAction.do or (2) ProfileConfirmEditAddressAction.do.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.6%
CVSS Severity
CVSS v2 Score 7.5
Products affected by CVE-2015-2858
-
cpe:2.3:a:datalex:airline_booking_software:-