Lucene search

IbmCVE-2016-2914

HistoryAug 08, 2016 - 1:59 a.m.

CVE-2016-2914

2016-08-0801:59:09

CWE-434

ibm

web.nvd.nist.gov

cve-2016-2914

rpeng

file upload

vulnerability

ibm rational publishing engine

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

45.7%

JSON

Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension.

Affected configurations

Nvd

Node

ibmrational_publishing_engineMatch2.0.1

VendorProductVersionCPE
ibmrational_publishing_engine2.0.1cpe:2.3:a:ibm:rational_publishing_engine:2.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	rational_publishing_engine	2.0.1	cpe:2.3:a:ibm:rational_publishing_engine:2.0.1:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21988263

www.securityfocus.com/bid/92334

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

45.7%

JSON

Related for CVE-2016-2914