Moderate severityNVD Advisory· Published Feb 20, 2015· Updated May 6, 2026

CVE-2014-8114

Description

The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.uberfire:uberfire-parentMaven	>= 0.3.0.Beta5, <= 0.3.1.Final	—

Affected products

Red Hat/Uberfire4 versions
cpe:2.3:a:redhat:uberfire:0.3.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:redhat:uberfire:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:uberfire:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:uberfire:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:uberfire:0.3.3:*:*:*:*:*:*:*
ghsa-coords
pkg:maven/org.uberfire/uberfire-parent
Range: >= 0.3.0.Beta5, <= 0.3.1.Final

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

rhn.redhat.com/errata/RHSA-2015-0234.htmlnvdVendor AdvisoryWEB
rhn.redhat.com/errata/RHSA-2015-0235.htmlnvdVendor AdvisoryWEB
github.com/advisories/GHSA-6h58-c7r7-g2hwghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2014-8114ghsaADVISORY
github.com/uberfire/uberfire/commit/21ec50eb15nvdWEB
web.archive.org/web/20200227080813/http://www.securityfocus.com/bid/88199ghsaWEB
www.securityfocus.com/bid/88199nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.002
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000