PT-2018-4558 · Skybox · Skybox Platform

Published: 2018-01-12 · Updated: 2018-01-24 · CVE-2015-9246

CVSS v2.0: 10 (High) · Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Skybox Platform versions prior to 7.5.201

Description: An issue exists in the software, allowing remote unauthenticated code execution. This is achieved by sending a WAR archive containing a JSP file to the "http://skyboxview-softwareupdate/services/CollectorSoftwareUpdate" API endpoint. The JSP file can then be reached at a specific path.

Recommendations: For versions prior to 7.5.201, update to version 7.5.201 or later to resolve the issue. As a temporary workaround, consider restricting access to the /skyboxview-softwareupdate/services/CollectorSoftwareUpdate API endpoint to minimize the risk of exploitation.
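As an added example (not from the advisory or from Skybox), the following check a defender could run over web access logs flags requests that reach the CollectorSoftwareUpdate endpoint from outside a management allow-list or that carry an upload body, which is what an unauthenticated WAR push to this endpoint would look like. The log layout (Combined Log Format plus a trailing Content-Type field), the allow-listed network and the sample log lines are assumptions constructed for this example.

```python
import re
from ipaddress import ip_address, ip_network

# Endpoint named in the advisory (PT-2018-4558 / CVE-2015-9246).
UPDATE_ENDPOINT = "/skyboxview-softwareupdate/services/CollectorSoftwareUpdate"

# Assumption: only these management networks may legitimately push
# collector updates. Constructed for this example.
ALLOWED_SOURCES = [ip_network("10.0.0.0/8")]

# Combined Log Format with an extra trailing quoted Content-Type field
# (assumed access-log layout for this example).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)" "(?P<ctype>[^"]*)"$'
)

def is_allowed(src: str) -> bool:
    """True when the source address lies inside an allow-listed network."""
    try:
        addr = ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_SOURCES)

def find_suspicious(lines):
    """Return (source, timestamp, reason) for each request to the update
    endpoint that comes from outside the allow-list or carries an upload body."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(UPDATE_ENDPOINT):
            continue
        reasons = []
        if not is_allowed(m["src"]):
            reasons.append("source not in management allow-list")
        if m["method"] == "POST" and "multipart" in m["ctype"].lower():
            reasons.append("upload body sent to CollectorSoftwareUpdate")
        if reasons:
            hits.append((m["src"], m["ts"], "; ".join(reasons)))
    return hits

# Constructed sample log lines: normal UI traffic, an allow-listed update
# call, and an external multipart POST to the update endpoint.
SAMPLE_LOG = [
    '10.1.2.3 - - [12/Jan/2018:10:00:01 +0000] "GET /skyboxview/ HTTP/1.1" 200 512 "-" "Mozilla/5.0" "-"',
    '10.1.2.3 - - [12/Jan/2018:10:00:05 +0000] "POST /skyboxview-softwareupdate/services/CollectorSoftwareUpdate HTTP/1.1" 200 88 "-" "Java/1.8" "text/xml"',
    '203.0.113.9 - - [12/Jan/2018:10:01:44 +0000] "POST /skyboxview-softwareupdate/services/CollectorSoftwareUpdate HTTP/1.1" 200 88 "-" "python-requests/2.18" "multipart/form-data; boundary=x"',
]
```

Running `find_suspicious(SAMPLE_LOG)` reports only the third line, with both reasons attached; a match on the allow-list alone does not clear a multipart upload, so an internal host pushing a WAR is still surfaced.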

Exploit

Fix

RCE


Weakness Enumeration

Related Identifiers: CVE-2015-9246

Affected Products: Skybox Platform