CVE-2014-4767

2014-08-2201:55:00

CWE-94

[email protected]

web.nvd.nist.gov

ibm

websphere

application server

was

liberty profile

cve-2014-4767

nvd

security vulnerability

remote code execution

9.2 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.9%

JSON

IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors.

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq8.5.5.1
ibm:websphere_application_serveribm websphere application servereq8.5.0.2
ibm:websphere_application_serveribm websphere application servereq8.5.5.0
ibm:websphere_application_serveribm websphere application servereq8.5.0.0
ibm:websphere_application_serveribm websphere application servereq8.5.0.1
ibm:websphere_application_serveribm websphere application servereq8.5.5.2

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.1
ibm:websphere_application_server	ibm websphere application server	eq	8.5.0.2
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.0
ibm:websphere_application_server	ibm websphere application server	eq	8.5.0.0
ibm:websphere_application_server	ibm websphere application server	eq	8.5.0.1
ibm:websphere_application_server	ibm websphere application server	eq	8.5.5.2