CVE-2015-3435 : Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute ar

Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.

Published 2015-05-01 15:59:08

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2015-3435

Samsung » Samsung Security Manager
Versions up to, including, (<=) 1.30
cpe:2.3:a:samsung:samsung_security_manager:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-3435

EPSS FAQ

7.62%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-3435

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2015-3435

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-3435

http://www.zerodayinitiative.com/advisories/ZDI-15-157/

ZDI-15-157 | Zero Day Initiative
http://www.zerodayinitiative.com/advisories/ZDI-15-156/

ZDI-15-156 | Zero Day Initiative
http://www.securityfocus.com/bid/74400

Samsung Security Manager ActiveMQ Broker Service Multiple Remote Code Execution Vulnerabilities

Jump to

Vulnerability Details : CVE-2015-3435

Products affected by CVE-2015-3435

Exploit prediction scoring system (EPSS) score for CVE-2015-3435

CVSS scores for CVE-2015-3435

CWE ids for CVE-2015-3435

References for CVE-2015-3435