History: Jul 28, 2023 - 7:59 p.m.

Security Bulletin: IBM TRIRIGA Application Platform discloses remote attacker to execute commands (CVE-2014-0359)

2023-07-28 19:59:31, www.ibm.com

Tags: ibm, tririga, platform, command execution, vulnerability, xangati, remote attacker, input validation

CVSS2: 9 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.002 Low (Percentile: 53.0%)

Summary

Xangati could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation of input by /servlet/Installer.

Vulnerability Details

**IBM X-Force ID:** 92636
**DESCRIPTION:** Xangati could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation of input by /servlet/Installer. An attacker could exploit this vulnerability using the params parameter to inject and execute arbitrary commands on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/92636 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Products and Versions

Affected Product(s)|Version(s)
---|---
IBM TRIRIGA Application Platform|4.0

Remediation/Fixes

Product|VRMF|Remediation/First Fix
---|---|---
IBM TRIRIGA Application Platform|4.5|The fix is available for download on Passport Advantage

Workarounds and Mitigations

None

Affected configurations

CPE Name|Operator|Version
---|---|---
ibm tririga application platform|eq|4.0
