CVE-2016-2914

CWE-434Unrestricted File Upload3 documents3 sources
Severity
5.4MEDIUM
EPSS
1.1%
top 21.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Engineering Lifecycle Optimization - Publishing
Timeline
PublishedAug 8
Latest updateMay 17

Description

Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-w4wp-6qmf-wvch: Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 22022-05-17
CVEList
CVE-2016-2914: Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 22016-08-08
CVE-2016-2914 (MEDIUM CVSS 5.4) | Unrestricted file upload vulnerabil | cvebase.io