Lucene search

IbmCVE-2014-6158

HistoryJan 10, 2015 - 2:59 a.m.

CVE-2014-6158

2015-01-1002:59:26

CWE-22

ibm

web.nvd.nist.gov

cve-2014-6158

directory traversal

ibm pureapplication system

file upload

remote code execution

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.004

Percentile

73.9%

JSON

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.

Affected configurations

Nvd

Node

ibmpureapplication_systemMatch1.0.0.0

ibmpureapplication_systemMatch1.0.0.1

ibmpureapplication_systemMatch1.0.0.2

ibmpureapplication_systemMatch1.0.0.3

ibmpureapplication_systemMatch1.1.0.0

ibmpureapplication_systemMatch1.1.0.1

ibmpureapplication_systemMatch1.1.0.2

ibmpureapplication_systemMatch1.1.0.3

ibmpureapplication_systemMatch1.1.0.4

ibmpureapplication_systemMatch2.0.0.0

Node

ibmworkload_deployerMatch3.1.0.7

VendorProductVersionCPE
ibmpureapplication_system1.0.0.0cpe:2.3:a:ibm:pureapplication_system:1.0.0.0:*:*:*:*:*:*:*
ibmpureapplication_system1.0.0.1cpe:2.3:a:ibm:pureapplication_system:1.0.0.1:*:*:*:*:*:*:*
ibmpureapplication_system1.0.0.2cpe:2.3:a:ibm:pureapplication_system:1.0.0.2:*:*:*:*:*:*:*
ibmpureapplication_system1.0.0.3cpe:2.3:a:ibm:pureapplication_system:1.0.0.3:*:*:*:*:*:*:*
ibmpureapplication_system1.1.0.0cpe:2.3:a:ibm:pureapplication_system:1.1.0.0:*:*:*:*:*:*:*
ibmpureapplication_system1.1.0.1cpe:2.3:a:ibm:pureapplication_system:1.1.0.1:*:*:*:*:*:*:*
ibmpureapplication_system1.1.0.2cpe:2.3:a:ibm:pureapplication_system:1.1.0.2:*:*:*:*:*:*:*
ibmpureapplication_system1.1.0.3cpe:2.3:a:ibm:pureapplication_system:1.1.0.3:*:*:*:*:*:*:*
ibmpureapplication_system1.1.0.4cpe:2.3:a:ibm:pureapplication_system:1.1.0.4:*:*:*:*:*:*:*
ibmpureapplication_system2.0.0.0cpe:2.3:a:ibm:pureapplication_system:2.0.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	pureapplication_system	1.0.0.0	cpe:2.3:a:ibm:pureapplication_system:1.0.0.0:::::::*
ibm	pureapplication_system	1.0.0.1	cpe:2.3:a:ibm:pureapplication_system:1.0.0.1:::::::*
ibm	pureapplication_system	1.0.0.2	cpe:2.3:a:ibm:pureapplication_system:1.0.0.2:::::::*
ibm	pureapplication_system	1.0.0.3	cpe:2.3:a:ibm:pureapplication_system:1.0.0.3:::::::*
ibm	pureapplication_system	1.1.0.0	cpe:2.3:a:ibm:pureapplication_system:1.1.0.0:::::::*
ibm	pureapplication_system	1.1.0.1	cpe:2.3:a:ibm:pureapplication_system:1.1.0.1:::::::*
ibm	pureapplication_system	1.1.0.2	cpe:2.3:a:ibm:pureapplication_system:1.1.0.2:::::::*
ibm	pureapplication_system	1.1.0.3	cpe:2.3:a:ibm:pureapplication_system:1.1.0.3:::::::*
ibm	pureapplication_system	1.1.0.4	cpe:2.3:a:ibm:pureapplication_system:1.1.0.4:::::::*
ibm	pureapplication_system	2.0.0.0	cpe:2.3:a:ibm:pureapplication_system:2.0.0.0:::::::*

Rows per page:

1-10 of 111

References

secunia.com/advisories/61956

secunia.com/advisories/62032

www-01.ibm.com/support/docview.wss?uid=swg21693292

www-01.ibm.com/support/docview.wss?uid=swg21693440

exchange.xforce.ibmcloud.com/vulnerabilities/97707

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.004

Percentile

73.9%

JSON

Related for CVE-2014-6158