Lucene search

MitreCVE-2017-14614

HistoryOct 10, 2017 - 1:30 a.m.

CVE-2017-14614

2017-10-1001:30:21

CWE-22

mitre

web.nvd.nist.gov

cve-2017-14614

directory traversal

visor gui console

gridgain

remote authenticated users

arbitrary files

security vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

51.0%

JSON

Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path.

Affected configurations

Nvd

Node

gridgaingridgainMatch8.0.0ea1

gridgaingridgainMatch8.0.0ea2

gridgaingridgainMatch8.0.0ea3

gridgaingridgainMatch8.0.0ea4

gridgaingridgainMatch8.0.0ea5

gridgaingridgainMatch8.0.1

gridgaingridgainMatch8.0.1ea1

gridgaingridgainMatch8.0.1ea2

gridgaingridgainMatch8.0.1ea3

gridgaingridgainMatch8.0.1ea4

gridgaingridgainMatch8.0.1ea5

gridgaingridgainMatch8.0.1ea6

gridgaingridgainMatch8.0.1ea7

gridgaingridgainMatch8.0.1ea8

gridgaingridgainMatch8.0.1ea9

gridgaingridgainMatch8.0.2ea1

gridgaingridgainMatch8.0.2ea2

gridgaingridgainMatch8.0.2ea3

gridgaingridgainMatch8.0.3ea1

gridgaingridgainMatch8.0.3ea10

gridgaingridgainMatch8.0.3ea11

gridgaingridgainMatch8.0.3ea12

gridgaingridgainMatch8.0.3ea13

gridgaingridgainMatch8.0.3ea14

gridgaingridgainMatch8.0.3ea15

gridgaingridgainMatch8.0.3ea16

gridgaingridgainMatch8.0.3ea2

gridgaingridgainMatch8.0.3ea3

gridgaingridgainMatch8.0.3ea4

gridgaingridgainMatch8.0.3ea5

gridgaingridgainMatch8.0.3ea6

gridgaingridgainMatch8.0.3ea7

gridgaingridgainMatch8.0.3ea8

gridgaingridgainMatch8.0.3ea9

gridgaingridgainMatch8.0.4ea1

gridgaingridgainMatch8.1.1

gridgaingridgainMatch8.1.2

gridgaingridgainMatch8.1.3

gridgaingridgainMatch8.1.3p1

gridgaingridgainMatch8.1.3p2

gridgaingridgainMatch8.1.3p3

gridgaingridgainMatch8.1.3p4

gridgaingridgainMatch8.1.3p5

gridgaingridgainMatch8.1.4

gridgaingridgainMatch8.1.4p1

gridgaingridgainMatch8.1.4p2

gridgaingridgainMatch8.1.4p3

Node

gridgaingridgainMatch1.9.1

gridgaingridgainMatch1.9.2

gridgaingridgainMatch1.9.3

gridgaingridgainMatch1.9.4

gridgaingridgainMatch1.9.5

gridgaingridgainMatch1.9.6

Node

gridgaingridgainMatch1.8.1

gridgaingridgainMatch1.8.2

gridgaingridgainMatch1.8.3

gridgaingridgainMatch1.8.4

gridgaingridgainMatch1.8.5

gridgaingridgainMatch1.8.6

gridgaingridgainMatch1.8.7

gridgaingridgainMatch1.8.8

gridgaingridgainMatch1.8.9

gridgaingridgainMatch1.8.10

gridgaingridgainMatch1.8.11

Node

gridgaingridgainRange≤1.7.15

VendorProductVersionCPE
gridgaingridgain8.0.0cpe:2.3:a:gridgain:gridgain:8.0.0:ea1:*:*:*:*:*:*
gridgaingridgain8.0.0cpe:2.3:a:gridgain:gridgain:8.0.0:ea2:*:*:*:*:*:*
gridgaingridgain8.0.0cpe:2.3:a:gridgain:gridgain:8.0.0:ea3:*:*:*:*:*:*
gridgaingridgain8.0.0cpe:2.3:a:gridgain:gridgain:8.0.0:ea4:*:*:*:*:*:*
gridgaingridgain8.0.0cpe:2.3:a:gridgain:gridgain:8.0.0:ea5:*:*:*:*:*:*
gridgaingridgain8.0.1cpe:2.3:a:gridgain:gridgain:8.0.1:*:*:*:*:*:*:*
gridgaingridgain8.0.1cpe:2.3:a:gridgain:gridgain:8.0.1:ea1:*:*:*:*:*:*
gridgaingridgain8.0.1cpe:2.3:a:gridgain:gridgain:8.0.1:ea2:*:*:*:*:*:*
gridgaingridgain8.0.1cpe:2.3:a:gridgain:gridgain:8.0.1:ea3:*:*:*:*:*:*
gridgaingridgain8.0.1cpe:2.3:a:gridgain:gridgain:8.0.1:ea4:*:*:*:*:*:*

Vendor	Product	Version	CPE
gridgain	gridgain	8.0.0	cpe:2.3:a:gridgain:gridgain:8.0.0:ea1::::::
gridgain	gridgain	8.0.0	cpe:2.3:a:gridgain:gridgain:8.0.0:ea2::::::
gridgain	gridgain	8.0.0	cpe:2.3:a:gridgain:gridgain:8.0.0:ea3::::::
gridgain	gridgain	8.0.0	cpe:2.3:a:gridgain:gridgain:8.0.0:ea4::::::
gridgain	gridgain	8.0.0	cpe:2.3:a:gridgain:gridgain:8.0.0:ea5::::::
gridgain	gridgain	8.0.1	cpe:2.3:a:gridgain:gridgain:8.0.1:::::::*
gridgain	gridgain	8.0.1	cpe:2.3:a:gridgain:gridgain:8.0.1:ea1::::::
gridgain	gridgain	8.0.1	cpe:2.3:a:gridgain:gridgain:8.0.1:ea2::::::
gridgain	gridgain	8.0.1	cpe:2.3:a:gridgain:gridgain:8.0.1:ea3::::::
gridgain	gridgain	8.0.1	cpe:2.3:a:gridgain:gridgain:8.0.1:ea4::::::

Rows per page:

1-10 of 651

References

www.openwall.com/lists/oss-security/2017/10/05/1

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

51.0%

JSON

Related for CVE-2017-14614