CVE-2014-2276

The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file.
Configurations

Configuration 1 (hide)

cpe:2.3:a:emc:connectrix_manager:*:-:-:*:converged_network_edition:*:*:*

History

21 Nov 2024, 02:05

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2014-03/0115.html - () http://archives.neohapsis.com/archives/bugtraq/2014-03/0115.html -
References () http://secunia.com/advisories/57513 - () http://secunia.com/advisories/57513 -
References () http://www.securityfocus.com/bid/66308 - () http://www.securityfocus.com/bid/66308 -
References () http://www.securitytracker.com/id/1029939 - () http://www.securitytracker.com/id/1029939 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/91987 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/91987 -

Information

Published : 2014-03-21 14:55

Updated : 2024-11-21 02:05


NVD link : CVE-2014-2276

Mitre link : CVE-2014-2276

CVE.ORG link : CVE-2014-2276


JSON object : View

Products Affected

emc

  • connectrix_manager
CWE
CWE-264

Permissions, Privileges, and Access Controls