Directory Traversal Vulnerability in hybris Commerce Software Suite
CVE-2014-8871

7.5HIGH

Key Information:

Vendor

SAP
Status
Hybris
Vendor
CVE Published:
28 August 2017

What is CVE-2014-8871?

A directory traversal vulnerability exists in the hybris Commerce software suite, allowing attackers to access restricted files on the server. This security flaw affects multiple versions of the software, enabling unauthorized access to sensitive data through manipulated file paths. Proper security measures should be implemented to validate user input and restrict unauthorized file access to protect against potential exploitation.

References

http://www.securityfocus.com/archive/1/534722/100/1600/th...
mailing-listx_refsource_BUGTRAQ
http://seclists.org/fulldisclosure/2015/Feb/63
mailing-listx_refsource_FULLDISC
http://www.securityfocus.com/bid/72681
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.