CVE-2014-6154
Severity Score
7.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL.
Vulnerabilidad de salto de directorio en IBM Optim Performance Manager para DB2 4.1.0.1 hasta 4.1.1 en Linux, UNIX, y Windows e IBM InfoSphere Optim Performance Manager para DB2 5.1 hasta 5.3.1 en Linux, UNIX, y Windows permite a atacantes remotos acceder a ficheros arbitrarios a través de un .. (punto punto) en una URL.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-09-02 CVE Reserved
- 2015-02-13 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/97677 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21696000 | 2017-09-08 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Optim Performance Manager Search vendor "Ibm" for product "Optim Performance Manager" | 4.1.1 Search vendor "Ibm" for product "Optim Performance Manager" and version "4.1.1" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | * | - |
Safe
|
| Ibm Search vendor "Ibm" | Optim Performance Manager Search vendor "Ibm" for product "Optim Performance Manager" | 4.1.1 Search vendor "Ibm" for product "Optim Performance Manager" and version "4.1.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Ibm Search vendor "Ibm" | Optim Performance Manager Search vendor "Ibm" for product "Optim Performance Manager" | 4.1.1.1 Search vendor "Ibm" for product "Optim Performance Manager" and version "4.1.1.1" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | * | - |
Safe
|
| Ibm Search vendor "Ibm" | Optim Performance Manager Search vendor "Ibm" for product "Optim Performance Manager" | 4.1.1.1 Search vendor "Ibm" for product "Optim Performance Manager" and version "4.1.1.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Ibm Search vendor "Ibm" | Optim Performance Manager Search vendor "Ibm" for product "Optim Performance Manager" | 5.1.0 Search vendor "Ibm" for product "Optim Performance Manager" and version "5.1.0" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | * | - |
Safe
|
| Ibm Search vendor "Ibm" | Optim Performance Manager Search vendor "Ibm" for product "Optim Performance Manager" | 5.1.0 Search vendor "Ibm" for product "Optim Performance Manager" and version "5.1.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|