CVE-2014-4767Code Injection in IBM Websphere Application Server

CWE-94Code Injection4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
1.1%
top 22.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedAug 22
Latest updateMay 17

Description

IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-xf62-jcfh-x4qm: IBM WebSphere Application Server (WAS) Liberty Profile 82022-05-17
CVEList
CVE-2014-4767: IBM WebSphere Application Server (WAS) Liberty Profile 82014-08-22
CVE-2014-4767 — Code Injection in IBM | cvebase