Skip to main content
CVE-2015-2166 MEDIUM POC THREAT This Month

Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.6%.

Path Traversal Ericsson Drutt Mobile Service Delivery Platform
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
73.6%
Threat
4.7
CVE-2015-2167 MEDIUM POC This Month

Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Ericsson Open Redirect Drutt Mobile Service Delivery Platform
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2015-2165 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Ericsson Drutt Mobile Service Delivery Platform
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-1893 MEDIUM PATCH This Month

The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM Privilege Escalation Websphere Datapower Xc10 Appliance Firmware
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2015-1601 MEDIUM PATCH This Month

Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Siemens Simatic Step 7
NVD
CVSS 2.0
6.8
EPSS
0.4%
CVE-2015-1843 MEDIUM This Month

The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Docker Red Hat Information Disclosure
NVD
CVSS 2.0
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy