Detections
Analytics

CVE-2014-3914

critical

Description

Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.

References

http://zerodayinitiative.com/advisories/ZDI-14-166/

http://zerodayinitiative.com/advisories/ZDI-14-165/

http://zerodayinitiative.com/advisories/ZDI-14-163/

http://zerodayinitiative.com/advisories/ZDI-14-162/

http://zerodayinitiative.com/advisories/ZDI-14-161/

Details

Source: Mitre, NVD

Published: 2014-08-07

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.72606