Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2015-5571

Published

8 years ago

Last Modified

7 years ago

CVSSv2.0 Severity

Medium

Impact Analysis

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671 and CVE-2014-5333..

CVSSv2.0 Score

Severity: Medium
Base Score: 4.3/10
Exploit Score: 8.6/10
Access Vector: Network
Access Complexity: Medium
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: Partial
Availability Impact: None
Integrity Impact: None

Products Affected

CPE	Affected	Excluding
cpe:2.3:a:adobe:flash_player::::::::	Yes	-
cpe:2.3:o:linux:linux_kernel::::::::	No	-
cpe:2.3:a:adobe:air::::::::	Yes	-
cpe:2.3:a:adobe:air_sdk::::::::	Yes	-
cpe:2.3:a:adobe:air_sdk_\&_compiler::::::::	Yes	-
cpe:2.3:o:apple:mac_os_x::::::::	No	-
cpe:2.3:o:microsoft:windows::::::::	No	-
cpe:2.3:a:adobe:flash_player::::::::	Yes	-
cpe:2.3:a:adobe:flash_player:14.0.0.125:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:14.0.0.145:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:14.0.0.176:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:14.0.0.179:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:15.0.0.152:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:15.0.0.167:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:15.0.0.189:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:15.0.0.223:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:15.0.0.239:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:15.0.0.246:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:16.0.0.235:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:16.0.0.257:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:16.0.0.287:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:16.0.0.296:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:17.0.0.134:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:17.0.0.169:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:17.0.0.188:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:17.0.0.190:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:17.0.0.191:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:18.0.0.160:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:18.0.0.194:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:18.0.0.203:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:18.0.0.209:::::::*	Yes	-
cpe:2.3:a:adobe:flash_player:18.0.0.232:::::::*	Yes	-
cpe:2.3:o:apple:mac_os_x::::::::	No	-
cpe:2.3:o:microsoft:windows::::::::	No	-
cpe:2.3:a:adobe:air::::::::	Yes	-
cpe:2.3:o:google:android::::::::	No	-

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2015-5571

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

CVSSv2.0 Score

Products Affected

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2015-5571

CVE information

Published

Last Modified

CVSSv2.0 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

Products Affected

References