Improper Access Control Affecting adobe-flashplugin package, versions <1:20150708.1-0trusty1


Severity

Recommended
0.0
medium
0
10

Based on Ubuntu security rating.

Threat Intelligence

EPSS
11.91% (96th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Improper Access Control vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-UBUNTU1404-ADOBEFLASHPLUGIN-393241
  • published9 Jul 2015
  • disclosed9 Jul 2015

Introduced: 9 Jul 2015

CVE-2015-5116  (opens in a new tab)
CWE-284  (opens in a new tab)

How to fix?

Upgrade Ubuntu:14.04 adobe-flashplugin to version 1:20150708.1-0trusty1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream adobe-flashplugin package and not the adobe-flashplugin package as distributed by Ubuntu. See How to fix? for Ubuntu:14.04 relevant fixed versions and status.

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, and CVE-2015-3125.

CVSS Scores

version 3.1