CVE-2015-6259

Cisco IMC Supervisor < 1.0.0.1 and UCS Director < 5.2.0.1 - Arbitrary File Write via JSP Component

Title source: llm
STIX 2.1

Description

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and CSCus62625.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033451

Scores

EPSS 0.0282
EPSS Percentile 84.9%

Details

CWE
CWE-20
Status published
Products (11)
cisco/integrated_management_controller_supervisor < 1.0.0.0
cisco/unified_computing_system_director 3.4_base
cisco/unified_computing_system_director 4.0_base
cisco/unified_computing_system_director 4.1_base
cisco/unified_computing_system_director 5.0.0.0
cisco/unified_computing_system_director 5.0.0.1
cisco/unified_computing_system_director 5.0.0.2
cisco/unified_computing_system_director 5.0.0.3
cisco/unified_computing_system_director 5.1.0.0
cisco/unified_computing_system_director 5.1.0.1
... and 1 more
Published Sep 04, 2015
Tracked Since Feb 18, 2026