CVE-2017-1000009

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-1000009
Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://github.com/akeneo/pim-community-dev/blob/1.5/CHANGELOG-1.5.md#bug-fixes-2 Patch Release Notes Third Party Advisory
https://github.com/akeneo/pim-community-dev/blob/master/CHANGELOG-1.4.md#bug-fixes Patch Release Notes Third Party Advisory
https://github.com/akeneo/pim-community-dev/blob/master/CHANGELOG-1.6.md#bug-fixes-2 Release Notes Patch Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:akeneo:product_information_management:1.4.0:-:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.0:beta1:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.0:beta2:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.0:beta3:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.0:rc1:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.3:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.4:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.5:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.6:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.7:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.8:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.9:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.10:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.11:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.12:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.13:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.14:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.15:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.16:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.17:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.18:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.19:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.20:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.21:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.22:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.23:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.24:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.25:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.26:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.27:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.0:-:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.0:alpha1:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.0:beta1:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.0:rc1:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.3:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.4:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.5:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.6:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.7:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.8:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.9:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.10:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.11:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.12:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.13:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.14:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.0:-:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.0:alpha1:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.0:alpha2:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.0:rc1:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.3:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.4:*:*:*:enterprise:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.5:*:*:*:enterprise:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:akeneo:product_information_management:1.4.0:-:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.0:beta1:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.0:beta2:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.0:beta3:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.0:rc1:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.1:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.2:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.3:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.4:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.5:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.6:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.7:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.8:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.9:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.10:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.11:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.12:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.13:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.14:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.15:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.16:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.17:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.18:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.19:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.20:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.21:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.22:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.23:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.24:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.25:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.26:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.4.27:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.0:-:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.0:alpha1:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.0:beta1:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.0:rc1:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.1:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.2:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.3:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.4:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.5:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.6:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.7:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.8:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.9:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.10:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.11:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.12:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.13:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.5.14:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.0:-:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.0:alpha1:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.0:alpha2:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.0:rc1:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.1:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.2:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.3:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.4:*:*:*:community:*:*:*
cpe:2.3:a:akeneo:product_information_management:1.6.5:*:*:*:community:*:*:*
History

No history.

Information

Published : 2017-07-17 13:18

Updated : 2024-02-28 16:04

NVD link : CVE-2017-1000009

Mitre link : CVE-2017-1000009

CVE.ORG link : CVE-2017-1000009

JSON object : View

Products Affected

akeneo

  • product_information_management
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')