Path Traversal in Ibm Pureapplication_system

CVE-2014-6158

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticate…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.024 (85.2th percentile) — read the EPSS interpretation.

Affected products

Ibm Pureapplication_system — versions 1.0.0.0, 1.0.0.1, 1.0.0.2
Ibm Workload_deployer — versions 3.1.0.7
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

62032 (x_refsource_SECUNIA, third-party-advisory)
psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
61956 (x_refsource_SECUNIA, third-party-advisory)
ibm-pas-cve20146158-traversal(97707) (vdb-entry, x_refsource_XF)
psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)