Remote Command Execution in IBM Security AppScan Enterprise
CVE-2014-6122

Currently unrated

Key Information:

Vendor: IBM
Status: Security Appscan; Security Appscan Source
Vendor: CVE Published:; 23 December 2014

Summary

IBM Security AppScan Enterprise versions prior to certain IFix updates are vulnerable to an issue that permits remote authenticated users to write to arbitrary folders on the system. This flaw can be exploited by leveraging specially crafted arguments that compromise the application's functionality, leading to the execution of arbitrary commands. As a result, an attacker could potentially gain unauthorized access to sensitive data or execute malicious operations within the affected environment.

References

http://www.securitytracker.com/id/1031427

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/96723

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21693035

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 23, 2014
Vulnerability Reserved
Sep 2, 2014