Sign-up

ID

VAR-201501-0481


CVE

CVE-2015-0424


TITLE

Oracle Sun Systems Products Suite of Integrated Lights Out Manager In IPMI Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-001202

DESCRIPTION

Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM prior to 3.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to IPMI. (DoS) An attack may be carried out. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability. The vulnerability can be exploited over the 'SSL/TLS' protocol. The 'IPMI' sub component is affected. This vulnerability affects the following supported versions: ILOM prior to 3.2.4. It can manage and monitor components installed in the server, and remotely manage the server. A remote attacker could exploit this vulnerability to read, update, insert, or delete data, possibly causing a denial of service. Affects the confidentiality, integrity and availability of data

Trust: 1.98

sources: NVD: CVE-2015-0424 // JVNDB: JVNDB-2015-001202 // BID: 72181 // VULHUB: VHN-78370

AFFECTED PRODUCTS

vendor:oraclemodel:integrated lights out managerscope:lteversion:3.2.3

Trust: 1.0

vendor:oraclemodel:integrated lights out managerscope:ltversion:3.2.4

Trust: 0.8

vendor:oraclemodel:integrated lights out managerscope:eqversion:3.2.3

Trust: 0.6

sources: JVNDB: JVNDB-2015-001202 // CNNVD: CNNVD-201501-543 // NVD: CVE-2015-0424

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0424
value: HIGH

Trust: 1.0

NVD: CVE-2015-0424
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201501-543
value: HIGH

Trust: 0.6

VULHUB: VHN-78370
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-0424
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78370
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78370 // JVNDB: JVNDB-2015-001202 // CNNVD: CNNVD-201501-543 // NVD: CVE-2015-0424

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-0424

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-543

TYPE

Unknown

Trust: 0.3

sources: BID: 72181

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001202

PATCH
title:Oracle Critical Patch Update Advisory - January 2015url:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Trust: 0.8
title:Text Form of Oracle Critical Patch Update - January 2015 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html
Trust: 0.8
title:January 2015 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/january_2015_critical_patch_update
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-001202

EXTERNAL IDS
db:NVDid:CVE-2015-0424
Trust: 2.8
db:BIDid:72181
Trust: 1.4
db:SECTRACKid:1031594
Trust: 1.1
db:JVNDBid:JVNDB-2015-001202
Trust: 0.8
db:CNNVDid:CNNVD-201501-543
Trust: 0.7
db:VULHUBid:VHN-78370
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78370 // 
            
            
            
            BID: 72181 // 
            
            
            
            JVNDB: JVNDB-2015-001202 // 
            
            
            
            CNNVD: CNNVD-201501-543 // 
            
            
            
            NVD: CVE-2015-0424

REFERENCES
url:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Trust: 2.0
url:http://www.securityfocus.com/bid/72181
Trust: 1.1
url:http://www.securitytracker.com/id/1031594
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/100158
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0424
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0424
Trust: 0.8
url:http://www.oracle.com/index.html
Trust: 0.3
url:https://downloads.avaya.com/css/p8/documents/101006722
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78370 // 
            
            
            
            BID: 72181 // 
            
            
            
            JVNDB: JVNDB-2015-001202 // 
            
            
            
            CNNVD: CNNVD-201501-543 // 
            
            
            
            NVD: CVE-2015-0424

CREDITS
Oracle
Trust: 0.3
sources:
            
            
            BID: 72181

SOURCES
db:VULHUBid:VHN-78370
db:BIDid:72181
db:JVNDBid:JVNDB-2015-001202
db:CNNVDid:CNNVD-201501-543
db:NVDid:CVE-2015-0424

LAST UPDATE DATE
2024-11-23T21:01:41.606000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78370date:2017-09-08T00:00:00
db:BIDid:72181date:2015-04-16T17:57:00
db:JVNDBid:JVNDB-2015-001202date:2015-01-26T00:00:00
db:CNNVDid:CNNVD-201501-543date:2015-01-22T00:00:00
db:NVDid:CVE-2015-0424date:2024-11-21T02:23:03.070

SOURCES RELEASE DATE
db:VULHUBid:VHN-78370date:2015-01-21T00:00:00
db:BIDid:72181date:2015-01-20T00:00:00
db:JVNDBid:JVNDB-2015-001202date:2015-01-26T00:00:00
db:CNNVDid:CNNVD-201501-543date:2015-01-22T00:00:00
db:NVDid:CVE-2015-0424date:2015-01-21T19:59:10.827