CVE-2014-6158

Currently unrated

Key Information:

Vendor: IBM
Status: Pureapplication System
Vendor: CVE Published:; 10 January 2015

Summary

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.

References

http://secunia.com/advisories/62032

third-party-advisoryx_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21693292

x_refsource_CONFIRM

http://secunia.com/advisories/61956

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jan 10, 2015
Vulnerability Reserved
Sep 2, 2014