CVE-2016-2914: Malicious File Upload
First published: Mon Aug 08 2016(Updated: )
Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational Publishing Engine | =2.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-2914?
CVE-2016-2914 is considered a critical severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2016-2914?
To fix CVE-2016-2914, update your IBM Rational Publishing Engine to version 2.0.1 ifix002 or later.
Who is affected by CVE-2016-2914?
CVE-2016-2914 affects authenticated users of IBM Rational Publishing Engine version 2.0.1 before ifix002.
What type of vulnerability is CVE-2016-2914?
CVE-2016-2914 is classified as an unrestricted file upload vulnerability.
What can attackers do with CVE-2016-2914?
Attackers can execute arbitrary code on the server by exploiting the unrestricted file upload vulnerability in CVE-2016-2914.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/remedy
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/ibm
- canonical/ibm rational publishing engine
- version/ibm rational publishing engine/2.0.1