CVE-2014-6158: Path Traversal
First published: Sat Jan 10 2015(Updated: )
Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM PureApplication System | =1.0.0.0 | |
| IBM PureApplication System | =1.0.0.1 | |
| IBM PureApplication System | =1.0.0.2 | |
| IBM PureApplication System | =1.0.0.3 | |
| IBM PureApplication System | =1.1.0.0 | |
| IBM PureApplication System | =1.1.0.1 | |
| IBM PureApplication System | =1.1.0.2 | |
| IBM PureApplication System | =1.1.0.3 | |
| IBM PureApplication System | =1.1.0.4 | |
| IBM PureApplication System | =2.0.0.0 | |
| IBM Workload Deployer | =3.1.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/references
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm pureapplication system
- version/ibm pureapplication system/1.0.0.0
- version/ibm pureapplication system/1.0.0.1
- version/ibm pureapplication system/1.0.0.2
- version/ibm pureapplication system/1.0.0.3
- version/ibm pureapplication system/1.1.0.0
- version/ibm pureapplication system/1.1.0.1
- version/ibm pureapplication system/1.1.0.2
- version/ibm pureapplication system/1.1.0.3
- version/ibm pureapplication system/1.1.0.4
- version/ibm pureapplication system/2.0.0.0
- canonical/ibm workload deployer
- version/ibm workload deployer/3.1.0.7