CVE-2015-2854
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
30/05/2015
Last modified:
12/04/2025
Description
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv800_firmware:*:*:*:*:*:*:*:* | 3.8.3 (including) | |
| cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv800:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv1800_firmware:*:*:*:*:*:*:*:* | 3.8.3 (including) | |
| cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv1800:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv2800_firmware:*:*:*:*:*:*:*:* | 3.8.3 (including) | |
| cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv2800:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:blue_coat:ssl_visibility_appliance_sv3800_firmware:*:*:*:*:*:*:*:* | 3.8.3 (including) | |
| cpe:2.3:h:blue_coat:ssl_visibility_appliance_sv3800:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page