Unrestricted File Upload Vulnerability in IBM Rational Publishing Engine
CVE-2016-2914

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Rational Publishing Engine
Vendor: CVE Published:; 8 August 2016

Summary

An unrestricted file upload vulnerability exists in the Document Builder component of IBM Rational Publishing Engine versions 2.0.1 prior to ifix002. This flaw allows authenticated remote users to upload files with unexpected extensions, leading to potential arbitrary code execution. By bypassing the application's file upload restrictions, an attacker can upload malicious scripts or executables, jeopardizing the system's integrity and security. Organizations using affected versions should apply relevant patches immediately to mitigate the risk.

References

http://www.securityfocus.com/bid/92334

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg21988263

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2016
Vulnerability Reserved
Mar 9, 2016