CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2014-3914

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1580%
EPSS Percentile24.18th
Published2014年8月7日
Last Modified2026年5月6日

Vulnerability Description

Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.

Affected Platforms (CPE)

📦
Rocketsoftware

Rocket Servergraph

= 1.2

References & Advisories

🔗 http://www.exploit-db.com/exploits/33807
🔗 http://zerodayinitiative.com/advisories/ZDI-14-161/
🔗 http://zerodayinitiative.com/advisories/ZDI-14-162/
🔗 http://zerodayinitiative.com/advisories/ZDI-14-163/
🔗 http://zerodayinitiative.com/advisories/ZDI-14-165/
🔗 http://zerodayinitiative.com/advisories/ZDI-14-166/
🔗 http://www.exploit-db.com/exploits/33807
🔗 http://zerodayinitiative.com/advisories/ZDI-14-161/

相關漏洞威脅

CVE-2014-391510.0

The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute ar...

CVE-2014-844610.0

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code...

CVE-2014-844710.0

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code...

CVE-2014-845610.0

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code...