CVE-2014-3914

CVE-2014-3914 affects Rocket Servergraph 1.2 Admin Center, with directory traversal in the fileRequestor servlet (and related fileRequestServlet/userRequest servlet) allowing actions such as writeDataFile, run, runClear, readDataFile, del, and save_server_groups to be abused via crafted query/bod...

CVE-2014-3915

The CVE-2014-3915 issue affects Rocket Servergraph’s Admin Center, specifically the userRequest servlet. Multiple command vectors (auth, auth_session, auth_simple, add, add_flat, remove, set_pwd, add_permissions, revoke_permissions, runAsync, tsmRequest) allow remote attackers to execute arbitrar...