Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-6158

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2014-6158
Last Modified 12 Jan 2015 07:50:59
Published 09 Jan 2015 09:59:26
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-6158

Summary

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.

Vulnerable Systems

Application

  • Ibm Pureapplication System 1.0.0.0

  • Ibm Pureapplication System 1.0.0.1

  • Ibm Pureapplication System 1.0.0.2

  • Ibm Pureapplication System 1.0.0.3

  • Ibm Pureapplication System 1.1.0.0

  • Ibm Pureapplication System 1.1.0.1

  • Ibm Pureapplication System 1.1.0.2

  • Ibm Pureapplication System 1.1.0.3

  • Ibm Pureapplication System 1.1.0.4

  • Ibm Pureapplication System 2.0.0.0

  • Ibm Workload Deployer 3.1.0.7


References

XF - ibm-pas-cve20146158-traversal(97707)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21693440

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21693292


Last Updated: 27 May 2016 11:07:29