VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Jan 10, 2015· Updated May 6, 2026

CVE-2014-6158

CVE-2014-6158

Description

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.

Affected products

11
  • IBM/Pureapplication System10 versions
    cpe:2.3:a:ibm:pureapplication_system:1.0.0.0:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:ibm:pureapplication_system:1.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:pureapplication_system:1.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:pureapplication_system:1.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:pureapplication_system:1.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:pureapplication_system:1.1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:pureapplication_system:1.1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:pureapplication_system:1.1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:pureapplication_system:1.1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:pureapplication_system:1.1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:pureapplication_system:2.0.0.0:*:*:*:*:*:*:*
  • IBM/Workload Deployer
    cpe:2.3:a:ibm:workload_deployer:3.1.0.7:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.