Vulnerabilities > CVE-2015-7913 - Unspecified vulnerability in Tibbo Aggregate 5.21.02

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

tibbo

NVD

Published: 2015-11-21

Updated: 2015-11-23

Summary

ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>

Vulnerable Configurations

Part	Description	Count
Application	Tibbo Tibbo Aggregate 5.21.02	1

References

http://zerodayinitiative.com/advisories/ZDI-15-572/
https://ics-cert.us-cert.gov/advisories/ICSA-15-323-01