Lucene search

[email protected]CVE-2014-4840

HistoryOct 19, 2014 - 1:55 a.m.

CVE-2014-4840

2014-10-1901:55:15

CWE-20

[email protected]

web.nvd.nist.gov

ibm

tririga

application platform

rce

url

security vulnerability

nvd

cve-2014-4840

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

90.0%

JSON

IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL.

Affected configurations

NVD

Node

ibmtririga_application_platformMatch3.2

ibmtririga_application_platformMatch3.2.1

ibmtririga_application_platformMatch3.3.0.0

ibmtririga_application_platformMatch3.3.0.1

ibmtririga_application_platformMatch3.3.1.0

ibmtririga_application_platformMatch3.3.1.1

ibmtririga_application_platformMatch3.3.1.2

ibmtririga_application_platformMatch3.3.2.0

ibmtririga_application_platformMatch3.3.2.1

ibmtririga_application_platformMatch3.4.0.0

CPENameOperatorVersion
ibm:tririga_application_platformibm tririga application platformeq3.2
ibm:tririga_application_platformibm tririga application platformeq3.2.1
ibm:tririga_application_platformibm tririga application platformeq3.3.0.0
ibm:tririga_application_platformibm tririga application platformeq3.3.0.1
ibm:tririga_application_platformibm tririga application platformeq3.3.1.0
ibm:tririga_application_platformibm tririga application platformeq3.3.1.1
ibm:tririga_application_platformibm tririga application platformeq3.3.1.2
ibm:tririga_application_platformibm tririga application platformeq3.3.2.0
ibm:tririga_application_platformibm tririga application platformeq3.3.2.1
ibm:tririga_application_platformibm tririga application platformeq3.4.0.0

CPE	Name	Operator	Version
ibm:tririga_application_platform	ibm tririga application platform	eq	3.2
ibm:tririga_application_platform	ibm tririga application platform	eq	3.2.1
ibm:tririga_application_platform	ibm tririga application platform	eq	3.3.0.0
ibm:tririga_application_platform	ibm tririga application platform	eq	3.3.0.1
ibm:tririga_application_platform	ibm tririga application platform	eq	3.3.1.0
ibm:tririga_application_platform	ibm tririga application platform	eq	3.3.1.1
ibm:tririga_application_platform	ibm tririga application platform	eq	3.3.1.2
ibm:tririga_application_platform	ibm tririga application platform	eq	3.3.2.0
ibm:tririga_application_platform	ibm tririga application platform	eq	3.3.2.1
ibm:tririga_application_platform	ibm tririga application platform	eq	3.4.0.0

References

secunia.com/advisories/61056

www-01.ibm.com/support/docview.wss?uid=swg21686230

exchange.xforce.ibmcloud.com/vulnerabilities/95636

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

90.0%

JSON

Related for CVE-2014-4840

nvd1 prion1 cvelist1