CyberSec.Space Logo
Back to CVE Browser

CVE-2014-8871

HIGH
7.5
CVSS Severity Score
EPSS Score0.0360%
EPSS Percentile10.92th
PublishedAug 28, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier.

Affected Platforms (CPE)

πŸ“¦
Sap

Hybris

>= 5.0.0 and <= 5.0.0.3
πŸ“¦
Sap

Hybris

>= 5.0.3 and <= 5.0.3.3
πŸ“¦
Sap

Hybris

>= 5.0.4 and <= 5.0.4.4
πŸ“¦
Sap

Hybris

>= 5.1.0 and <= 5.1.0.1
πŸ“¦
Sap

Hybris

>= 5.1.1 and <= 5.1.1.2
πŸ“¦
Sap

Hybris

>= 5.2.0 and <= 5.2.0.3
πŸ“¦
Sap

Hybris

>= 5.3.0 and <= 5.3.0.1

References & Advisories

πŸ”— http://packetstormsecurity.com/files/130444/Hybris-Commerce-Software-Suite-5.x-File-Disclosure-Traversal.html
πŸ”— http://seclists.org/fulldisclosure/2015/Feb/63
πŸ”— http://www.securityfocus.com/archive/1/534722/100/1600/threaded
πŸ”— http://www.securityfocus.com/bid/72681
πŸ”— http://packetstormsecurity.com/files/130444/Hybris-Commerce-Software-Suite-5.x-File-Disclosure-Traversal.html
πŸ”— http://seclists.org/fulldisclosure/2015/Feb/63
πŸ”— http://www.securityfocus.com/archive/1/534722/100/1600/threaded
πŸ”— http://www.securityfocus.com/bid/72681

Related Vulnerabilities

CVE-2019-03449.8

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, i...

CVE-2018-24638.6

The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) atta...

CVE-2019-03227.5

SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an at...

CVE-2016-68566.1

Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 a...