CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-3897

Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.526

EPSS Ranking 97.8%

CVSS Severity

CVSS v2 Score 5.0

References

Products affected by CVE-2015-3897

Bonitasoft » Bonita Bpm Portal » Version: 5.10

cpe:2.3:a:bonitasoft:bonita_bpm_portal:5.10
Bonitasoft » Bonita Bpm Portal » Version: 5.10.2

cpe:2.3:a:bonitasoft:bonita_bpm_portal:5.10.2
Bonitasoft » Bonita Bpm Portal » Version: 5.6

cpe:2.3:a:bonitasoft:bonita_bpm_portal:5.6
Bonitasoft » Bonita Bpm Portal » Version: 5.7

cpe:2.3:a:bonitasoft:bonita_bpm_portal:5.7
Bonitasoft » Bonita Bpm Portal » Version: 5.8

cpe:2.3:a:bonitasoft:bonita_bpm_portal:5.8
Bonitasoft » Bonita Bpm Portal » Version: 5.9

cpe:2.3:a:bonitasoft:bonita_bpm_portal:5.9
Bonitasoft » Bonita Bpm Portal » Version: 6.0

cpe:2.3:a:bonitasoft:bonita_bpm_portal:6.0
Bonitasoft » Bonita Bpm Portal » Version: 6.1

cpe:2.3:a:bonitasoft:bonita_bpm_portal:6.1
Bonitasoft » Bonita Bpm Portal » Version: 6.2

cpe:2.3:a:bonitasoft:bonita_bpm_portal:6.2
Bonitasoft » Bonita Bpm Portal » Version: 6.3

cpe:2.3:a:bonitasoft:bonita_bpm_portal:6.3
Bonitasoft » Bonita Bpm Portal » Version: 6.4

cpe:2.3:a:bonitasoft:bonita_bpm_portal:6.4
Bonitasoft » Bonita Bpm Portal » Version: 6.5

cpe:2.3:a:bonitasoft:bonita_bpm_portal:6.5
Bonitasoft » Bonita Bpm Portal » Version: 6.5.2

cpe:2.3:a:bonitasoft:bonita_bpm_portal:6.5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-3897

Products

Pricing

Contact Us