The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file.
References
Configurations
History
21 Nov 2024, 02:05
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2014-03/0115.html - | |
References | () http://secunia.com/advisories/57513 - | |
References | () http://www.securityfocus.com/bid/66308 - | |
References | () http://www.securitytracker.com/id/1029939 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/91987 - |
Information
Published : 2014-03-21 14:55
Updated : 2024-11-21 02:05
NVD link : CVE-2014-2276
Mitre link : CVE-2014-2276
CVE.ORG link : CVE-2014-2276
JSON object : View
Products Affected
emc
- connectrix_manager
CWE
CWE-264
Permissions, Privileges, and Access Controls