Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9375

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2014-9375
Last Modified 17 Feb 2015 03:16:18
Published 16 Feb 2015 10:59:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-9375

Summary

Directory traversal vulnerability in the LibraryFileUploadServlet servlet in Lexmark Markvision Enterprise allows remote authenticated users to write to and execute arbitrary files via a .. (dot dot) in a file path in a ZIP archive.

Vulnerable Systems

Application

  • Lexmark Markvision Enterprise -


References

MISC - http://www.zerodayinitiative.com/advisories/ZDI-15-046/

CONFIRM - http://support.lexmark.com/index?page=content&id=TE677


Last Updated: 27 May 2016 11:07:50