Lucene search

[email protected]NVD:CVE-2014-5393

HistorySep 11, 2014 - 3:55 p.m.

CVE-2014-5393

2014-09-1115:55:04

CWE-22

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.7%

JSON

Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors.

Affected configurations

NVD

Node

sosjobschedulerRange≤1.6.4131

sosjobschedulerMatch1.6.4014

sosjobschedulerMatch1.6.4043

sosjobschedulerMatch1.7.4177

sosjobschedulerMatch1.7.4189

References

packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html

www.christian-schneider.net/advisories/CVE-2014-5393.txt

www.securityfocus.com/archive/1/533373/100/0/threaded

www.sos-berlin.com/modules/news/article.php?storyid=73

www.sos-berlin.com/modules/news/article.php?storyid=74

change.sos-berlin.com/browse/JS-1205

exchange.xforce.ibmcloud.com/vulnerabilities/95796

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.7%

JSON

Related for NVD:CVE-2014-5393

securityvulns2 prion1 cve1 cvelist1 openvas1