CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-5255

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.5%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2015-5255

Adobe » Coldfusion » Version: 10.0

cpe:2.3:a:adobe:coldfusion:10.0
Adobe » Coldfusion » Version: 11.0

cpe:2.3:a:adobe:coldfusion:11.0
Adobe » Livecycle Data Services » Version: 3.0

cpe:2.3:a:adobe:livecycle_data_services:3.0
Adobe » Livecycle Data Services » Version: 4.5

cpe:2.3:a:adobe:livecycle_data_services:4.5
Adobe » Livecycle Data Services » Version: 4.6

cpe:2.3:a:adobe:livecycle_data_services:4.6
Adobe » Livecycle Data Services » Version: 4.7

cpe:2.3:a:adobe:livecycle_data_services:4.7
Hp » Xp7 Command View Advanced Edition » Version: N/A

cpe:2.3:a:hp:xp7_command_view_advanced_edition:-
Hp » Xp P9000 Command View Advanced Edition » Version: N/A

cpe:2.3:a:hp:xp_p9000_command_view_advanced_edition:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-5255

Products

Pricing

Contact Us