Lucene search

[email protected]NVD:CVE-2014-6182

HistoryDec 17, 2014 - 12:59 a.m.

CVE-2014-6182

2014-12-1700:59:01

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.001

Percentile

49.1%

JSON

Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a … (dot dot) in a URL.

Affected configurations

Nvd

Node

ibmbusiness_process_managerMatch8.0.0.0

ibmbusiness_process_managerMatch8.0.1.0

ibmbusiness_process_managerMatch8.0.1.1

ibmbusiness_process_managerMatch8.0.1.2

ibmbusiness_process_managerMatch8.0.1.3

ibmbusiness_process_managerMatch8.5.0.0

ibmbusiness_process_managerMatch8.5.0.1

ibmbusiness_process_managerMatch8.5.5.0

VendorProductVersionCPE
ibmbusiness_process_manager8.0.0.0cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:*
ibmbusiness_process_manager8.0.1.0cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:*:*:*:*
ibmbusiness_process_manager8.0.1.1cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:*:*:*:*
ibmbusiness_process_manager8.0.1.2cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:*:*:*:*
ibmbusiness_process_manager8.0.1.3cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:*:*:*:*
ibmbusiness_process_manager8.5.0.0cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*
ibmbusiness_process_manager8.5.0.1cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:*:*:*:*
ibmbusiness_process_manager8.5.5.0cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	business_process_manager	8.0.0.0	cpe:2.3:a:ibm:business_process_manager:8.0.0.0:::::::*
ibm	business_process_manager	8.0.1.0	cpe:2.3:a:ibm:business_process_manager:8.0.1.0:::::::*
ibm	business_process_manager	8.0.1.1	cpe:2.3:a:ibm:business_process_manager:8.0.1.1:::::::*
ibm	business_process_manager	8.0.1.2	cpe:2.3:a:ibm:business_process_manager:8.0.1.2:::::::*
ibm	business_process_manager	8.0.1.3	cpe:2.3:a:ibm:business_process_manager:8.0.1.3:::::::*
ibm	business_process_manager	8.5.0.0	cpe:2.3:a:ibm:business_process_manager:8.5.0.0:::::::*
ibm	business_process_manager	8.5.0.1	cpe:2.3:a:ibm:business_process_manager:8.5.0.1:::::::*
ibm	business_process_manager	8.5.5.0	cpe:2.3:a:ibm:business_process_manager:8.5.5.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg1JR51234

www.ibm.com/support/docview.wss?uid=swg21692540

www.securitytracker.com/id/1031379

exchange.xforce.ibmcloud.com/vulnerabilities/98518

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.001

Percentile

49.1%

JSON

Related for NVD:CVE-2014-6182

prion1 ibm1 cve1 cvelist1