skyboxsecurity 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには パス処理の欠陥、vendor risk cross-site scripting、vendor risk input validation, and vendor risk sql injection があり、vendor surface production workloads の利用場面で vendor impact unexpected behavior and vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2015-9250 | An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter. | [email protected] | 7.5 | 1.75% | 2018-01-12 | 2024-11-21 |
| CVE-2015-9249 | An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element. | [email protected] | 9.8 | 1.12% | 2018-01-12 | 2024-11-21 |
| CVE-2015-9248 | An issue was discovered in Skybox Platform before 7.5.201. Stored cross-site scripting vulnerabilities exist in the title, Comments, or Description field to /skyboxview/webskybox/tickets in Change Manager. | [email protected] | 5.4 | 0.52% | 2018-01-12 | 2024-11-21 |
| CVE-2015-9247 | An issue was discovered in Skybox Platform before 7.5.401. Reflected cross-site scripting vulnerabilities exist in /skyboxview/webservice/services/VersionRepositoryWebService via a soapenv:Body element, or in the status parameter to login.html. | [email protected] | 5.4 | 0.52% | 2018-01-12 | 2024-11-21 |
| CVE-2015-9246 | An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost. | [email protected] | 9.8 | 2.96% | 2018-01-12 | 2024-11-21 |
| CVE-2017-14773 | Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. The vulnerability can only be exploited by a local authenticated attacker. | [email protected] | 7.8 | 0.37% | 2017-10-03 | 2026-05-13 |
| CVE-2017-14772 | Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts. | [email protected] | 3.3 | 0.26% | 2017-10-03 | 2026-05-13 |
| CVE-2017-14771 | Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary file and overwrite existing files within the scope of the affected application. | [email protected] | 5.5 | 0.29% | 2017-10-03 | 2026-05-13 |
| CVE-2017-14770 | Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process. | [email protected] | 5.5 | 0.34% | 2017-10-03 | 2026-05-13 |
| CVE-2014-2084 | Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown. | [email protected] | 8.5 | 4.45% | 2014-05-17 | 2026-05-06 |