5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
Pivotal Spring Framework could allow a remote attacker to traverse directories on the system. IBM Security Guardium addressed these issues
CVEID: CVE-2014-3578**
DESCRIPTION:** Pivotal Spring Framework could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to view arbitrary files on the system.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93774> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2014-3625**
DESCRIPTION:** Pivotal Spring Framework could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/…/) to view arbitrary files on the system.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99872> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
IBM Security Guardium V9.0, 9.1, 9.5
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Security Guardium| 9x| https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p1089_LanguageUpdate_GPU-750_64-bit,SqlGuard_9.0p750_GPU_March-2017_32-bit,SqlGuard_9.0p1089_LanguageUpdate_GPU-750_32-bit,SqlGuard_9.0p750_GPU_March-2017_64-bit&includeSupersedes=0&source=fc
none
CPE | Name | Operator | Version |
---|---|---|---|
ibm security guardium | eq | 9.0 | |
ibm security guardium | eq | 9.1 | |
ibm security guardium | eq | 9.5 |