Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM09195825C327814FCA75AE3D158C5537C688EE0554FCE90B1F012F24C26A1AF9
HistoryJul 28, 2023 - 7:59 p.m.

Security Bulletin: IBM TRIRIGA Application Platform discloses remote attacker to execute commands (CVE-2014-0359)

2023-07-2819:59:31
www.ibm.com
12
ibm
tririga
platform
command execution
vulnerability
xangati
remote attacker
input validation

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

53.0%

JSON

Summary

Xangati could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation of input by /servlet/Installer.

Vulnerability Details

**IBM X-Force ID:**92636
**DESCRIPTION:**Xangati could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation of input by /servlet/Installer. An attacker could exploit this vulnerability using the params parameter to inject and execute arbitrary commands on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/92636 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Products and Versions

Affected Product(s) Version(s)
IBM TRIRIGA Application Platform 4.0

Remediation/Fixes

Product|VRMF|

Remediation/First Fix

—|—|—
IBM TRIRIGA Application Platform| 4.5| The fix is available for download on Passport Advantage

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmtririga_application_platformMatch4.0
CPENameOperatorVersion
ibm tririga application platformeq4.0

Related

prion 1
nvd 1
cve 1
cvelist 1
cert 1
prion
prion
Design/Logic Flaw
2014-04-15 10:55:00
nvd
nvd
CVE-2014-0359
2014-04-15 10:55:12
cve
cve
CVE-2014-0359
2014-04-15 10:55:12
cvelist
cvelist
CVE-2014-0359
2014-04-15 10:00:00
cert
cert
Xangati software release contains relative path traversal and command injection vulnerabilities
2014-04-14 00:00:00

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

53.0%

JSON
Related for 09195825C327814FCA75AE3D158C5537C688EE0554FCE90B1F012F24C26A1AF9
prion1nvd1cve1cvelist1cert1