CyberSec.Space Logo
Back to CVE Browser

CVE-2014-3915

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0310%
EPSS Percentile9.78th
PublishedJun 11, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command.

Affected Platforms (CPE)

πŸ“¦
Rocketsoftware

Rocket Servergraph

All versions

References & Advisories

πŸ”— http://www.securityfocus.com/bid/67780
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-164/
πŸ”— http://www.securityfocus.com/bid/67780
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-14-164/

Related Vulnerabilities

CVE-2014-391410.0

Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote att...

CVE-2014-052410.0

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code...

CVE-2014-052810.0

Double free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attac...

CVE-2014-052510.0

The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X does not prevent access to unm...