Lucene search

MitreCVE-2014-3915

HistoryJun 11, 2014 - 2:55 p.m.

CVE-2014-3915

2014-06-1114:55:09

CWE-94

mitre

web.nvd.nist.gov

tivoli storage manager

rocket servergraph

remote attack

arbitrary commands

security vulnerability

cve-2014-3915

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.964

Percentile

99.6%

JSON

The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command.

Affected configurations

Nvd

Node

rocketsoftwarerocket_servergraphMatch-

VendorProductVersionCPE
rocketsoftwarerocket_servergraph-cpe:2.3:a:rocketsoftware:rocket_servergraph:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rocketsoftware	rocket_servergraph	-	cpe:2.3:a:rocketsoftware:rocket_servergraph:-:::::::*

References

www.securityfocus.com/bid/67780

www.zerodayinitiative.com/advisories/ZDI-14-164/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.964

Percentile

99.6%

JSON

Related for CVE-2014-3915