Описание
Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:pureapplication_system:1.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:pureapplication_system:1.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:pureapplication_system:1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:pureapplication_system:1.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:pureapplication_system:1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:pureapplication_system:1.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:pureapplication_system:1.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:pureapplication_system:1.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:pureapplication_system:1.1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:pureapplication_system:2.0.0.0:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:ibm:workload_deployer:3.1.0.7:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.0236
Низкий
9 Critical
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.
EPSS
Процентиль: 85%
0.0236
Низкий
9 Critical
CVSS2
Дефекты
CWE-22