CVE-2014-6158: Path Traversal
First published: Sat Jan 10 2015(Updated: )
Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM PureApplication System | =1.0.0.0 | |
| IBM PureApplication System | =1.0.0.1 | |
| IBM PureApplication System | =1.0.0.2 | |
| IBM PureApplication System | =1.0.0.3 | |
| IBM PureApplication System | =1.1.0.0 | |
| IBM PureApplication System | =1.1.0.1 | |
| IBM PureApplication System | =1.1.0.2 | |
| IBM PureApplication System | =1.1.0.3 | |
| IBM PureApplication System | =1.1.0.4 | |
| IBM PureApplication System | =2.0.0.0 | |
| IBM Workload Deployer | =3.1.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-6158?
The severity of CVE-2014-6158 is classified as high due to the potential for remote code execution.
How do I fix CVE-2014-6158?
To fix CVE-2014-6158, update IBM PureApplication System to versions 1.0.0.4 or later, 1.1.0.5 or later, or 2.0.0.1 or later.
Who is affected by CVE-2014-6158?
CVE-2014-6158 affects users of IBM PureApplication System 1.0.0.0 to 1.0.0.3, 1.1.0.0 to 1.1.0.4, and IBM Workload Deployer 3.1.0.7.
What type of vulnerability is CVE-2014-6158?
CVE-2014-6158 is a directory traversal vulnerability in the file-upload feature.
What can attackers achieve with CVE-2014-6158?
Attackers can potentially execute arbitrary code on the affected systems if they exploit CVE-2014-6158.
- collector/nvd-index
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/ibm
- canonical/ibm pureapplication system
- version/ibm pureapplication system/1.0.0.0
- version/ibm pureapplication system/1.0.0.1
- version/ibm pureapplication system/1.0.0.2
- version/ibm pureapplication system/1.0.0.3
- version/ibm pureapplication system/1.1.0.0
- version/ibm pureapplication system/1.1.0.1
- version/ibm pureapplication system/1.1.0.2
- version/ibm pureapplication system/1.1.0.3
- version/ibm pureapplication system/1.1.0.4
- version/ibm pureapplication system/2.0.0.0
- canonical/ibm workload deployer
- version/ibm workload deployer/3.1.0.7