Main Vulnerability Database Vulnerabilities #VU40755

Permissions, Privileges, and Access Controls in NetCharts Server - CVE-2015-4032

Published: May 29, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40755

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2015-4032

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Visual Mining, Inc.

Affected software:
NetCharts Server

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors.

How to mitigate CVE-2015-4032

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/74788
http://www.zerodayinitiative.com/advisories/ZDI-15-238/

Permissions, Privileges, and Access Controls in NetCharts Server - CVE-2015-4032

Detailed vulnerability description

How to mitigate CVE-2015-4032

Sources

Please verify you're human