CVE-2014-6158

Name of the Vulnerable Software and Affected Versions IBM PureApplication System versions 1.0 through 1.0.0.4 before iFix 10 IBM PureApplication System versions 1.1 through 1.1.0.5 IBM PureApplication System versions 2.0 through 2.0.0.1 Workload Deployer version 3.1.0.7 before IF5

Description The issue allows remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component in the file-upload feature.

Recommendations For IBM PureApplication System versions 1.0 through 1.0.0.4, apply iFix 10 to resolve the issue. For IBM PureApplication System versions 1.1 through 1.1.0.5, update to version 1.1.0.5 or later. For IBM PureApplication System versions 2.0 through 2.0.0.1, update to version 2.0.0.1 or later. For Workload Deployer version 3.1.0.7, apply IF5 to resolve the issue.