CVE-2014-5393

Sažetak

Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors.

Reference

http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html
http://www.christian-schneider.net/advisories/CVE-2014-5393.txt
http://www.securityfocus.com/archive/1/533373/100/0/threaded
http://www.sos-berlin.com/modules/news/article.php?storyid=73
http://www.sos-berlin.com/modules/news/article.php?storyid=74
https://change.sos-berlin.com/browse/JS-1205
https://exchange.xforce.ibmcloud.com/vulnerabilities/95796

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

09-10-2018 - 19:50

Objavljeno

11-09-2014 - 15:55