Directory Traversal Vulnerabilities in IBM PureApplication System and Workload Deployer
CVE-2014-6158

Currently unrated

Key Information:

Vendor: IBM
Status: Pureapplication System
Vendor: CVE Published:; 10 January 2015

Summary

Multiple directory traversal vulnerabilities exist in the file-upload functionality of IBM PureApplication System and Workload Deployer, which allow remote authenticated users to manipulate file paths. This can lead to the execution of arbitrary code via components such as Script Packages, Add-Ons, or Emergency Fixes. The vulnerability affects several product versions, highlighting the need for prompt updates and security measures.

References

http://secunia.com/advisories/62032

third-party-advisoryx_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21693292

x_refsource_CONFIRM

http://secunia.com/advisories/61956

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jan 10, 2015
Vulnerability Reserved
Sep 2, 2014