CVE-2014-6158

{"id": "CVE-2014-6158", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-01-10T02:59:26.380", "references": [{"url": "http://secunia.com/advisories/61956", "source": "psirt@us.ibm.com"}, {"url": "http://secunia.com/advisories/62032", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693292", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693440", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97707", "source": "psirt@us.ibm.com"}, {"url": "http://secunia.com/advisories/61956", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/62032", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693292", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693440", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97707", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades del salto de directorio en la caracteristica de la subida de ficheros en IBM PureApplication System 1.0 anterior a 1.0.0.4 iFix 10, 1.1 anterior a 1.1.0.5, y 2.0 anterior a 2.0.0.1 y Workload Deployer 3.1.0.7 anterior a IF5 permiten a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de un componente (1) Script Package, (2) Add-On, o (3) Emergency Fixes."}], "lastModified": "2024-11-21T02:13:52.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:pureapplication_system:1.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D7AB60B-E38B-42C7-B785-D9520C1F5564"}, {"criteria": "cpe:2.3:a:ibm:pureapplication_system:1.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93F1E692-07AD-4694-A387-A27B35BA3C6E"}, {"criteria": "cpe:2.3:a:ibm:pureapplication_system:1.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62BDCFEF-A68F-45C3-83BA-A8414456D458"}, {"criteria": "cpe:2.3:a:ibm:pureapplication_system:1.0.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A88D35F2-FB42-4DED-B8FA-F0357CA97591"}, {"criteria": "cpe:2.3:a:ibm:pureapplication_system:1.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D657332-C9B9-4E7B-89D9-5AEF3501141A"}, {"criteria": "cpe:2.3:a:ibm:pureapplication_system:1.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E36D4ED9-CFF0-4196-A130-E0C47B69967F"}, {"criteria": "cpe:2.3:a:ibm:pureapplication_system:1.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0886278-57ED-4925-8FE4-B2873F1D9D7B"}, {"criteria": "cpe:2.3:a:ibm:pureapplication_system:1.1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95EC7D5B-53FA-463C-AAB9-C4AF7383B5DF"}, {"criteria": "cpe:2.3:a:ibm:pureapplication_system:1.1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A583AB8-CF8F-4376-B72C-DD32F8A2A173"}, {"criteria": "cpe:2.3:a:ibm:pureapplication_system:2.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "575894EE-F13C-4D56-8B63-59A379F63BD2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:workload_deployer:3.1.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3575BEC-4ECD-495D-AA26-ADE332DF3DF6"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}