CVE-2015-7266

EUVD-2015-7197
The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation might allow remote attackers to conceal the status of ad transactions and potentially compromise bid integrity by leveraging failure to limit the time between bid responses and impression notifications, aka the Amnesia Bug.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
iabopen_real-time_bidding
2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://media.pixalate.com/white-papers/xindi.pdf
http://media.pixalate.com/white-papers/xindi.pdf