CVE-2014-6182

{"id": "CVE-2014-6182", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-17T00:59:01.220", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51234", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21692540", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securitytracker.com/id/1031379", "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98518", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51234", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21692540", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1031379", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98518", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en una funci\u00f3n de exportaci\u00f3n en el centro de procesos en IBM Business Process Manager (BPM) 8.0.x hasta 8.0.1.3 y 8.5.x hasta 8.5.5 permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de un .. (punto punto) en una URL."}], "lastModified": "2024-11-21T02:13:55.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "161542A0-E919-4105-AD4F-C881ACF8D26B"}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF8D1DC9-CB5E-4627-8689-B5FA7C5DE1C5"}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32504DEB-7391-4452-BA2E-409959B24222"}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8F74820-DF10-499E-AF7A-93AC285843D1"}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C12274F-495C-4E81-A317-E66916B0A2F7"}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "989C89DF-C6CB-45C9-9592-30A83896BD71"}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "783C2592-9669-4C75-9E63-C834482F6F8A"}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7021B830-3EE4-446D-8D87-BBD2097A023E"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}