Unrestricted File Upload Vulnerability in IBM Algo One UDS Software
CVE-2013-6332

Currently unrated

Key Information:

Vendor: IBM
Status: Algo One
Vendor: CVE Published:; 6 February 2014

Summary

The vulnerability in IBM Algo One UDS versions 4.7.0 and 5.0.0 is characterized by the ability of remote authenticated users to upload arbitrary files. Specifically, this flaw allows the upload of .jsp files without proper validation. Once uploaded, these files can be executed, leading to unauthorized code execution on the server. This critical weakness compromises the security integrity of the application, potentially exposing sensitive data and enabling further exploitation.

References

http://www.ibm.com/support/docview.wss?uid=swg21663820

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/89023

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 6, 2014
Vulnerability Reserved
Oct 31, 2013