{"api_version":"1","generated_at":"2026-04-22T23:21:39+00:00","cve":"CVE-2015-0297","urls":{"html":"https://cve.report/CVE-2015-0297","api":"https://cve.report/api/cve/CVE-2015-0297.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-0297","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-0297"},"summary":{"title":"CVE-2015-0297","description":"Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2015-04-24 14:59:00","updated_at":"2015-10-05 21:33:00"},"problem_types":["CWE-284"],"metrics":[],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2015-0862.html","name":"RHSA-2015:0862","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1032181","name":"1032181","refsource":"SECTRACK","tags":[],"title":"Red Hat JBoss Operations Network API Lets Remote Users Execute Arbitrary Java Methods and Deny Service - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-0297","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0297","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"297","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_operations_network","cpe6":"3.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"297","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_operations_network","cpe6":"3.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2015-0297","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://rhn.redhat.com/errata/RHSA-2015-0862.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2015-0862.html"},{"url":"http://www.securitytracker.com/id/1032181","refsource":"MISC","name":"http://www.securitytracker.com/id/1032181"}]}},"nvd":{"publishedDate":"2015-04-24 14:59:00","lastModifiedDate":"2015-10-05 21:33:00","problem_types":["CWE-284"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"COMPLETE","baseScore":9},"severity":"HIGH","exploitabilityScore":10,"impactScore":8.5,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_operations_network:3.3.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"297","Ordinal":"76321","Title":"CVE-2015-0297","CVE":"CVE-2015-0297","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"297","Ordinal":"1","NoteData":"Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"297","Ordinal":"2","NoteData":"2015-04-24","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"297","Ordinal":"3","NoteData":"2015-04-29","Type":"Other","Title":"Modified"}]}}}