CVE-2014-6158

Current Description

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.

Basic Data

Published: January 10, 2015
Last Modified: September 08, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-22
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.0
Severity: HIGH
Exploitability Score: 8.0
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
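    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Ibm | Pureapplication System | 1.0.0.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Pureapplication System | 1.0.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Pureapplication System | 1.0.0.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Pureapplication System | 1.0.0.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Pureapplication System | 1.1.0.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Pureapplication System | 1.1.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Pureapplication System | 1.1.0.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Pureapplication System | 1.1.0.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Pureapplication System | 1.1.0.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ibm | Pureapplication System | 2.0.0.0 | * | * | * | * | * | * | * | | | | |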
  • OR - Configuration 2
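    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Ibm | Workload Deployer | 3.1.0.7 | * | * | * | * | * | * | * | | | | |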

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Ibm | Workload Deployer | 3.1.0.7 |
| Ibm | Pureapplication System | 1.0.0.0, 1.0.0.1, 1.0.0.2, 1.0.0.3, 1.1.0.0, 1.1.0.1, 1.1.0.2, 1.1.0.3, 1.1.0.4, 2.0.0.0 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 61956 | SECUNIA | http://secunia.com/advisories/61956 | |
| 62032 | SECUNIA | http://secunia.com/advisories/62032 | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21693292 | CONFIRM | http://www-01.ibm.com/support/docview.wss?uid=swg21693292 | PATCH Vendor Advisory |
| http://www-01.ibm.com/support/docview.wss?uid=swg21693440 | CONFIRM | http://www-01.ibm.com/support/docview.wss?uid=swg21693440 | PATCH Vendor Advisory |
| ibm-pas-cve20146158-traversal(97707) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/97707 | |