{"api_version":"1","generated_at":"2026-05-05T11:15:38+00:00","cve":"CVE-2015-4546","urls":{"html":"https://cve.report/CVE-2015-4546","api":"https://cve.report/api/cve/CVE-2015-4546.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-4546","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-4546"},"summary":{"title":"CVE-2015-4546","description":"Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter.","state":"PUBLIC","assigner":"security_alert@emc.com","published_at":"2015-10-02 02:59:00","updated_at":"2016-12-08 18:50:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"http://www.securitytracker.com/id/1033671","name":"1033671","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"RSA Certificate Manager and Registration Manager Input Validation Flaw in OneStep Component Lets Remote Users Traverse the Directory to View Files on the Target System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/133784/RSA-OneStep-6.9-Path-Traversal.html","name":"http://packetstormsecurity.com/files/133784/RSA-OneStep-6.9-Path-Traversal.html","refsource":"MISC","tags":["Third Party Advisory","VDB Entry"],"title":"RSA OneStep 6.9 Path Traversal ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/bugtraq/2015/Sep/135","name":"20150929 ESA-2015-151: RSA OneStep Path Traversal Vulnerability","refsource":"BUGTRAQ","tags":["Third Party Advisory","VDB Entry"],"title":"Bugtraq: ESA-2015-151: RSA® OneStep Path Traversal Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-4546","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-4546","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"4546","vulnerable":"1","versionEndIncluding":"6.9","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"rsa_certificate_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"4546","vulnerable":"1","versionEndIncluding":"6.9","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"emc","cpe5":"rsa_onestep","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security_alert@emc.com","ID":"CVE-2015-4546","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20150929 ESA-2015-151: RSA OneStep Path Traversal Vulnerability","refsource":"BUGTRAQ","url":"http://seclists.org/bugtraq/2015/Sep/135"},{"name":"http://packetstormsecurity.com/files/133784/RSA-OneStep-6.9-Path-Traversal.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/133784/RSA-OneStep-6.9-Path-Traversal.html"},{"name":"1033671","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1033671"}]}},"nvd":{"publishedDate":"2015-10-02 02:59:00","lastModifiedDate":"2016-12-08 18:50:00","problem_types":["CWE-22"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.8},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:emc:rsa_certificate_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:emc:rsa_onestep:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"4546","Ordinal":"81523","Title":"CVE-2015-4546","CVE":"CVE-2015-4546","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"4546","Ordinal":"1","NoteData":"Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"4546","Ordinal":"2","NoteData":"2015-10-01","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"4546","Ordinal":"3","NoteData":"2016-12-06","Type":"Other","Title":"Modified"}]}}}