Remote Code Execution Vulnerability in IBM Tealeaf CX Web Console
CVE-2013-6719

Currently unrated

Key Information:

Vendor: IBM
Status: Tealeaf Cx
Vendor: CVE Published:; 6 March 2014

Summary

The Passive Capture Application (PCA) web console in IBM Tealeaf CX contains a security flaw in the delivery.php script, which allows remote authenticated users to execute arbitrary commands. This vulnerability is triggered by the improper handling of the testconn_host parameter, where shell metacharacters can be injected, leading to command execution vulnerability.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/89228

vdb-entryx_refsource_XF

http://www.exploit-db.com/exploits/32546

exploitx_refsource_EXPLOIT-DB

https://tealeaf.support.ibmcloud.com/FileManagement/Downl...

x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 6, 2014
Vulnerability Reserved
Nov 8, 2013