CVE-2015-7913 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2015-7913?

CVE-2015-7913 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-7913?

Check the references section above for vendor advisories and patch information. Affected products include: Tibbo Aggregate.

Vulnerability Description

ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Tibbo	Aggregate	<= 5.21.02

References

http://zerodayinitiative.com/advisories/ZDI-15-572/
https://ics-cert.us-cert.gov/advisories/ICSA-15-323-01PatchUS Government Resource
http://zerodayinitiative.com/advisories/ZDI-15-572/
https://ics-cert.us-cert.gov/advisories/ICSA-15-323-01PatchUS Government Resource

FAQ

What is CVE-2015-7913?

CVE-2015-7913 is a vulnerability with a CVSS score of 7.2 (HIGH). ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService d...

How severe is CVE-2015-7913?

CVE-2015-7913 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-7913?

Check the references section above for vendor advisories and patch information. Affected products include: Tibbo Aggregate.