CVE-2015-5072

The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
bmcremedy_ar_system_server
8.0
bmcremedy_ar_system_server
9.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://communities.bmc.com/docs/DOC-77816
https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html
https://communities.bmc.com/docs/DOC-77816
https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html