Lucene search
Andrea Micalizzi (rgod)ZDI-14-162HistoryJun 02, 2014 - 12:00 a.m.
(0Day) Rocket Servergraph Admin Center for TSM fileRequestorServlet run/runClear Command Remote Code Execution Vulnerability
2014-06-0200:00:00
Andrea Micalizzi (rgod)
www.zerodayinitiative.com
9
0.969 High
EPSS
Percentile
99.7%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rocket Servergraph Admin Center for Tivoli Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the fileRequestServlet servlet. This servlet is vulnerable to a directory traversal vulnerability when processing run and runClear commands. A remote attacker can leverage this vulnerability to execute remote code under the context of the SYSTEM user.
Related
zdi
zdi
prion
prion
Directory traversal
2014-08-07 11:13:00
cvelist
cvelist
CVE-2014-3914
2014-08-07 10:00:00
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2014-3914
2014-08-07 11:13:36
nvd
nvd
CVE-2014-3914
2014-08-07 11:13:36
zdt
zdt
Rocket Servergraph Admin Center fileRequestor Remote Code Execution
2014-06-18 00:00:00
packetstorm
packetstorm
Rocket Servergraph Admin Center fileRequestor Remote Code Execution
2014-06-17 00:00:00