Lucene search

[email protected]CVE-2014-8789

HistoryDec 02, 2014 - 4:59 p.m.

CVE-2014-8789

2014-12-0216:59:03

CWE-20

[email protected]

web.nvd.nist.gov

cve-2014-8789

gleamtech filevista

file creation

code execution

zip archive

security vulnerability

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.6%

JSON

GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction.

Affected configurations

NVD

Node

gleamtechfilevistaRange≤6.0.9

CPENameOperatorVersion
gleamtech:filevistagleamtech filevistale6.0.9

CPE	Name	Operator	Version
gleamtech:filevista	gleamtech filevista	le	6.0.9

References

packetstormsecurity.com/files/129304/FileVista-Path-Leakage-Path-Write-Modification.html

seclists.org/fulldisclosure/2014/Nov/87

support.gleamtech.com/kb/a10/version-history-of-filevista.aspx

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.6%

JSON

Related for CVE-2014-8789

prion1 nvd1 cvelist1