CVE-2015-3098

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3099 and CVE-2015-3102.

References

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.html

http://rhn.redhat.com/errata/RHSA-2015-1086.html

http://www.securityfocus.com/bid/75080

http://www.securitytracker.com/id/1032519

https://helpx.adobe.com/security/products/flash-player/apsb15-11.html

https://security.gentoo.org/glsa/201506-01

Details

Source: MITRE

Published: 2015-06-10

Updated: 2016-12-31

Type: CWE-200

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*

OR

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3

AND

OR

cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Configuration 4

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Tenable Plugins

View all (17 total)

IDNameProductFamilySeverity
8835Adobe AIR < 18.0.0.144 Multiple Vulnerabilities (APSB15-11)Nessus Network MonitorWeb Clients
high
8814Flash Player < 17.0.0.189 (inferred) Multiple Vulnerabilities (APSB15-06 through 11) Nessus Network MonitorWeb Clients
high
8813Flash Player < 13.0.0.292 / 18.0.0.160 Multiple Vulnerabilities (APSB15-11)Nessus Network MonitorWeb Clients
high
84315GLSA-201506-01 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
8783Google Chrome < 43.0.2357.124 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
84207SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1064-1)NessusSuSE Local Security Checks
critical
84162Adobe AIR for Mac <= 17.0.0.172 Multiple Vulnerabilities (APSB15-11)NessusMacOS X Local Security Checks
critical
84158Adobe AIR <= 17.0.0.172 Multiple Vulnerabilities (APSB15-11)NessusWindows
critical
84147SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:1043-1)NessusSuSE Local Security Checks
critical
84135openSUSE Security Update : Adobe Flash Player (openSUSE-2015-412)NessusSuSE Local Security Checks
critical
84132FreeBSD : Adobe Flash Player -- critical vulnerabilities (1e63db88-1050-11e5-a4df-c485083ca99c)NessusFreeBSD Local Security Checks
critical
84111RHEL 5 / 6 : flash-plugin (RHSA-2015:1086)NessusRed Hat Local Security Checks
critical
84052MS KB3065820: Update for Vulnerabilities in Adobe Flash Player in Internet ExplorerNessusWindows
critical
84051Google Chrome < 43.0.2357.124 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
84050Adobe Flash Player <= 17.0.0.188 Multiple Vulnerabilities (APSB15-11) (Mac OS X)NessusMacOS X Local Security Checks
critical
84049Google Chrome < 43.0.2357.124 Multiple VulnerabilitiesNessusWindows
critical
84048Adobe Flash Player <= 17.0.0.188 Multiple Vulnerabilities (APSB15-11)NessusWindows
critical