CVE-2014-6122
Summary
| CVE | CVE-2014-6122 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-12-23 02:59:00 UTC |
| Updated | 2017-09-08 01:29:00 UTC |
| Description | IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to write to arbitrary folders, and consequently execute arbitrary commands, via a modified argument. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Security Appscan | 8.5 | All | All | All |
| Application | Ibm | Security Appscan | 8.6 | All | All | All |
| Application | Ibm | Security Appscan | 8.7 | All | All | All |
| Application | Ibm | Security Appscan | 8.8 | All | All | All |
| Application | Ibm | Security Appscan | 9.0 | All | All | All |
| Application | Ibm | Security Appscan | 9.0.0.1 | All | All | All |
| Application | Ibm | Security Appscan | 8.5 | All | All | All |
| Application | Ibm | Security Appscan | 8.6 | All | All | All |
| Application | Ibm | Security Appscan | 8.7 | All | All | All |
| Application | Ibm | Security Appscan | 8.8 | All | All | All |
| Application | Ibm | Security Appscan | 9.0 | All | All | All |
| Application | Ibm | Security Appscan | 9.0.0.1 | All | All | All |
| Application | Ibm | Security Appscan Source | 9.0.1 | All | All | All |
| Application | Ibm | Security Appscan Source | 9.0.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM Security AppScan Enterprise Bugs Let Remote Users Conduct Cross-Site Scrpting Attacks and Gain Full Control of the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | |
| IBM Security Bulletin: Multiple vulnerabilities in AppScan Enterprise (CVE-2014-6135, CVE-2014-6119, CVE-2014-6122, CVE-2014-6121, CVE-2013-2566, CVE-2005-2969) - United States | CONFIRM | www-01.ibm.com | Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.