本頁列出影響 skyboxsecurity skybox_platform 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2015-9250 | An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter. | [email protected] | 7.5 | 1.75% | 2018-01-12 | 2024-11-21 |
| CVE-2015-9249 | An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element. | [email protected] | 9.8 | 1.12% | 2018-01-12 | 2024-11-21 |
| CVE-2015-9248 | An issue was discovered in Skybox Platform before 7.5.201. Stored cross-site scripting vulnerabilities exist in the title, Comments, or Description field to /skyboxview/webskybox/tickets in Change Manager. | [email protected] | 5.4 | 0.52% | 2018-01-12 | 2024-11-21 |
| CVE-2015-9247 | An issue was discovered in Skybox Platform before 7.5.401. Reflected cross-site scripting vulnerabilities exist in /skyboxview/webservice/services/VersionRepositoryWebService via a soapenv:Body element, or in the status parameter to login.html. | [email protected] | 5.4 | 0.52% | 2018-01-12 | 2024-11-21 |
| CVE-2015-9246 | An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost. | [email protected] | 9.8 | 2.96% | 2018-01-12 | 2024-11-21 |