Directory Traversal Vulnerability in Lexmark Markvision Enterprise
CVE-2014-9375

Currently unrated

Key Information:

Vendor: Lexmark
Status: Markvision Enterprise
Vendor: CVE Published:; 16 February 2015

Summary

A directory traversal vulnerability exists in the LibraryFileUploadServlet of Lexmark Markvision Enterprise. This flaw allows remote authenticated users to manipulate file paths using '..' (dot dot) sequences, enabling them to write to and execute arbitrary files contained within a ZIP archive. Proper safeguards against such path traversal attacks are crucial to prevent unauthorized access and potential compromise of system integrity.

References

http://www.zerodayinitiative.com/advisories/ZDI-15-046/

x_refsource_MISC

http://support.lexmark.com/index?page=content&id=TE677

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 16, 2015
Vulnerability Reserved
Dec 11, 2014