Arbitrary Code Execution via Directory Traversal in IBM PureApplication System and Workload Deployer

CVE-2014-6158 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.

Learn more about our Cis Benchmark Audit For F5.