CVE-2015-9250

Name of the Vulnerable Software and Affected Versions Skybox Platform versions prior to 7.5.201

Description An issue exists in the Skybox Platform, where Directory Traversal is possible. This issue affects the /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload API endpoints via the tempFileName parameter.

Recommendations For versions prior to 7.5.201, update to version 7.5.201 or later to resolve the issue. As a temporary workaround, consider restricting access to the /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload API endpoints to minimize the risk of exploitation. Avoid using the tempFileName parameter in these endpoints until the issue is resolved.