Vulnerability Details CVE-2015-6259
The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.3%
CVSS Severity
CVSS v2 Score 9.4
References
Products affected by CVE-2015-6259
-
cpe:2.3:a:cisco:integrated_management_controller_supervisor:1.0.0.0
-
cpe:2.3:a:cisco:unified_computing_system_director:-
-
cpe:2.3:a:cisco:unified_computing_system_director:3.4_base
-
cpe:2.3:a:cisco:unified_computing_system_director:4.0_base
-
cpe:2.3:a:cisco:unified_computing_system_director:4.1_base
-
cpe:2.3:a:cisco:unified_computing_system_director:5.0.0.0
-
cpe:2.3:a:cisco:unified_computing_system_director:5.0.0.1
-
cpe:2.3:a:cisco:unified_computing_system_director:5.0.0.2
-
cpe:2.3:a:cisco:unified_computing_system_director:5.0.0.3
-
cpe:2.3:a:cisco:unified_computing_system_director:5.1.0.0
-
cpe:2.3:a:cisco:unified_computing_system_director:5.1.0.1