PT-2019-7192 · Axiomsl · Axiom
Dominique Righetto
·
Published
2019-04-03
·
Updated
2019-04-04
·
CVE-2015-5463
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
AxiomSL's Axiom java applet module versions 9.5.3 and earlier
Description
The issue allows remote attackers to access data of other basic users through arbitrary SQL commands, perform horizontal and vertical privilege escalation, cause a Denial of Service on the global application, or write, read, or delete arbitrary files on the server hosting the application.
Recommendations
For versions 9.5.3 and earlier, update to a version later than 9.5.3 to resolve the issue.
Fix
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Axiom