CVE-2015-6861

Published Jan 5, 2016

Last updated 8 years ago

CVSS high 7.5

Overview

Description: HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 5.9
Exploitability score: 1.6
Vector string: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:N/AC:H/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:eucalyptus:eucalyptus:3.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "824E50DE-8C83-4761-876D-C19FA25AC5E2"
          },
          {
            "criteria": "cpe:2.3:a:eucalyptus:eucalyptus:3.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "300B5D1C-419D-49A2-93BE-F4CC43D41407"
          },
          {
            "criteria": "cpe:2.3:a:eucalyptus:eucalyptus:3.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0E3EDA2-578C-458C-9C70-0E107AFB3509"
          },
          {
            "criteria": "cpe:2.3:a:eucalyptus:eucalyptus:3.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75C8E8B6-0324-4622-A362-8F118E0FD682"
          },
          {
            "criteria": "cpe:2.3:a:eucalyptus:eucalyptus:4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5215E04-773F-49E3-83C3-C00B65484674"
          },
          {
            "criteria": "cpe:2.3:a:eucalyptus:eucalyptus:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3722B29B-DFAC-4C45-92DE-AA2825A47C4C"
          },
          {
            "criteria": "cpe:2.3:a:eucalyptus:eucalyptus:4.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D15C2D1D-88B0-4D5A-B10C-E5E6CC3DA655"
          },
          {
            "criteria": "cpe:2.3:a:eucalyptus:eucalyptus:4.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F691916-35E0-44AE-A892-7B76320DD9D7"
          },
          {
            "criteria": "cpe:2.3:a:eucalyptus:eucalyptus:4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A00D8228-59F3-430A-BC8B-95E16591B597"
          },
          {
            "criteria": "cpe:2.3:a:eucalyptus:eucalyptus:4.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42FE8117-5730-4F9B-8BBF-5C25BB174AB4"
          },
          {
            "criteria": "cpe:2.3:a:eucalyptus:eucalyptus:4.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C43CF85C-9F9A-402A-ACF7-3C52A0618F13"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References