Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-c99r-m2v5-zqa3
Vulnerability ID VCID-c99r-m2v5-zqa3
Aliases CVE-2015-5299
Summary The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
Status Published
Exploitability 0.5
Weighted Severity 0.1
Risk 0.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-862 Missing Authorization
System Score Found at
epss 0.09138 https://api.first.org/data/v1/epss?cve=CVE-2015-5299
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5299.json
https://api.first.org/data/v1/epss?cve=CVE-2015-5299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8467
1276126 https://bugzilla.redhat.com/show_bug.cgi?id=1276126
GLSA-201612-47 https://security.gentoo.org/glsa/201612-47
RHSA-2016:0006 https://access.redhat.com/errata/RHSA-2016:0006
RHSA-2016:0010 https://access.redhat.com/errata/RHSA-2016:0010
RHSA-2016:0011 https://access.redhat.com/errata/RHSA-2016:0011
RHSA-2016:0015 https://access.redhat.com/errata/RHSA-2016:0015
RHSA-2016:0016 https://access.redhat.com/errata/RHSA-2016:0016
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.92829
EPSS Score 0.09138
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:10:38.974556+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0