PT-2015-3825 · IBM · Workload Deployer +1
Published: 2015-01-10 · Updated: 2017-09-08 · CVE-2014-6158
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
IBM PureApplication System versions 1.0 through 1.0.0.4 before iFix 10
IBM PureApplication System versions 1.1 through 1.1.0.5
IBM PureApplication System versions 2.0 through 2.0.0.1
Workload Deployer version 3.1.0.7 before IF5
Description
The issue allows remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component in the file-upload feature.
Recommendations
For IBM PureApplication System versions 1.0 through 1.0.0.4, apply iFix 10 to resolve the issue.
For IBM PureApplication System versions 1.1 through 1.1.0.5, update to version 1.1.0.5 or later.
For IBM PureApplication System versions 2.0 through 2.0.0.1, update to version 2.0.0.1 or later.
For Workload Deployer version 3.1.0.7, apply IF5 to resolve the issue.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
IBM PureApplication System
Workload Deployer