CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5071
https://notcve.org/view.php?id=CVE-2015-5071
AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet. AR System Mid Tier en el componente AR System Mid Tier versiones anteriores a 9.0 SP1 para BMC Remedy AR System Server, permite a usuarios autenticados remotos "navegar" en archivos arbitrarios por medio del parámetro __report del servlet del visor BIRT. • https://communities.bmc.com/docs/DOC-77816 https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5072
https://notcve.org/view.php?id=CVE-2015-5072
The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter. El servlet BIRT Engine en el componente AR System Mid Tier versión anterior a 9.0 SP1, para BMC Remedy AR System Server, permite a usuarios autenticados remotos "navegar" en archivos locales arbitrarios por medio del parámetro __imageid. • https://communities.bmc.com/docs/DOC-77816 https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html • CWE-269: Improper Privilege Management •