Unrated severityNVD Advisory· Published Sep 18, 2015· Updated Jun 17, 2026
CVE-2015-6459
CVE-2015-6459
Description
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:*:*:*:*range: <=3.1.3
- cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:enterprise:*:*:*range: <=3.1.3
- Range: <3.1.5
- Range: <3.1.5
Patches
Vulnerability mechanics
References
3- www.gedigitalenergy.com/app/resources.aspxnvdVendor Advisory
- ics-cert.us-cert.gov/advisories/ICSA-15-258-03nvdThird Party AdvisoryUS Government Resource
- zerodayinitiative.com/advisories/ZDI-15-439/nvd
News mentions
0No linked articles in our index yet.