Lucene search
GitHub Advisory DatabaseGHSA-6H58-C7R7-G2HWHistoryMay 14, 2022 - 1:10 a.m.
UberFire Framework Improperly Restricts Paths
2022-05-1401:10:41
CWE-22
GitHub Advisory Database
github.com
4
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
86.0%
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.
Affected configurations
Node
org.uberfire\uberfireMatchparent
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.uberfire:uberfire-parent | le | 0.3.1.Final |
Related
prion
prion
Design/Logic Flaw
2015-02-20 16:59:00
osv
osv
UberFire Framework Improperly Restricts Paths
2022-05-14 01:10:41
cvelist
cvelist
CVE-2014-8114
2015-02-20 16:00:00
cve
cve
CVE-2014-8114
2015-02-20 16:59:02
nvd
nvd
CVE-2014-8114
2015-02-20 16:59:02
redhat
redhat
(RHSA-2015:0234) Important: Red Hat JBoss BPM Suite 6.0.3 security update
2015-02-17 22:21:04
(RHSA-2015:0235) Important: Red Hat JBoss BRMS 6.0.3 security update
2015-02-17 22:22:40
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
86.0%
Related for GHSA-6H58-C7R7-G2HW