CVE-2014-6158

CWE-22Path Traversal3 documents3 sources
Severity
9.0CRITICAL
EPSS
2.4%
top 15.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Pureapplication SystemIBM Workload Deployer
Timeline
PublishedJan 10
Latest updateMay 17

Description

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages2 packages

NVDibm/pureapplication_system10 versions+9

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-8766-gcgx-53wx: Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 12022-05-17
CVEList
CVE-2014-6158: Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 12015-01-10
CVE-2014-6158 (CRITICAL CVSS 9) | Multiple directory traversal vulner | cvebase.io