ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class.
References
Link | Resource |
---|---|
http://zerodayinitiative.com/advisories/ZDI-15-572/ | |
https://ics-cert.us-cert.gov/advisories/ICSA-15-323-01 | Patch US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2015-11-21T11:00:00
Updated: 2015-11-21T03:57:01
Reserved: 2015-10-22T00:00:00
Link: CVE-2015-7913
JSON object: View
NVD Information
Status : Analyzed
Published: 2015-11-21T11:59:25.923
Modified: 2015-11-23T15:36:25.857
Link: CVE-2015-7913
JSON object: View
Redhat Information
No data.
CWE