CVE-2014-6154

CWE-22Path Traversal3 documents3 sources
Severity
7.8HIGH
EPSS
0.3%
top 48.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Optim Performance Manager
Timeline
PublishedFeb 13
Latest updateMay 17

Description

Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDibm/optim_performance_manager4.1.1, 4.1.1.1, 5.1.0+2

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-mx65-7mhj-j2wm: Directory traversal vulnerability in IBM Optim Performance Manager for DB2 42022-05-17
CVEList
CVE-2014-6154: Directory traversal vulnerability in IBM Optim Performance Manager for DB2 42015-02-13
CVE-2014-6154 (HIGH CVSS 7.8) | Directory traversal vulnerability i | cvebase.io