1 results (0.004 seconds)

CVSS: 10.0EPSS: 96%CPEs: 1EXPL: 2

CVE-2014-3914 – Rocket Servergraph Admin Center for TSM userRequest save_server_groups Command Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-3914

Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet. Vulnerabilidad de salto de directorio en el centro de administración para Tivoli Storage Manager (TSM) en Rocket ServerGraph 1.2 permite a atacantes remotos (1) crear ficheros arbitrarios a través de un .. (punto punto) en el parámetro query en una acción writeDataFile en el servlet fileRequestor, ejecutar ficheros arbitrarios a través de un .. • https://www.exploit-db.com/exploits/33807 http://www.exploit-db.com/exploits/33807 http://zerodayinitiative.com/advisories/ZDI-14-161 http://zerodayinitiative.com/advisories/ZDI-14-162 http://zerodayinitiative.com/advisories/ZDI-14-163 http://zerodayinitiative.com/advisories/ZDI-14-165 http://zerodayinitiative.com/advisories/ZDI-14-166 - • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •