CVE-2014-6158

high

Description

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/97707

http://www-01.ibm.com/support/docview.wss?uid=swg21693440

http://www-01.ibm.com/support/docview.wss?uid=swg21693292

http://secunia.com/advisories/62032

http://secunia.com/advisories/61956

Details

Source: Mitre, NVD

Published: 2015-01-10

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01751