CVE-2014-6158

Sažetak

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.

Reference

http://secunia.com/advisories/61956
http://secunia.com/advisories/62032
http://www-01.ibm.com/support/docview.wss?uid=swg21693292
http://www-01.ibm.com/support/docview.wss?uid=swg21693440
https://exchange.xforce.ibmcloud.com/vulnerabilities/97707

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

08-09-2017 - 01:29

Objavljeno

10-01-2015 - 02:59