Vulnerability Details CVE-2014-6182
Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.3%
CVSS Severity
CVSS v2 Score 4.0
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR51234
- http://www.ibm.com/support/docview.wss?uid=swg21692540
- http://www.securitytracker.com/id/1031379
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98518
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR51234
- http://www.ibm.com/support/docview.wss?uid=swg21692540
- http://www.securitytracker.com/id/1031379
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98518
Products affected by CVE-2014-6182
-
cpe:2.3:a:ibm:business_process_manager:8.0.0.0
-
cpe:2.3:a:ibm:business_process_manager:8.0.1.0
-
cpe:2.3:a:ibm:business_process_manager:8.0.1.1
-
cpe:2.3:a:ibm:business_process_manager:8.0.1.2
-
cpe:2.3:a:ibm:business_process_manager:8.0.1.3
-
cpe:2.3:a:ibm:business_process_manager:8.5.0.0
-
cpe:2.3:a:ibm:business_process_manager:8.5.0.1
-
cpe:2.3:a:ibm:business_process_manager:8.5.5.0