CVE-2017-1000009

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/akeneo/pim-community-dev/blob/master/CHANGELOG-1.6.md#bug-fixes-2", "name": "https://github.com/akeneo/pim-community-dev/blob/master/CHANGELOG-1.6.md#bug-fixes-2", "tags": ["Release Notes", "Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://github.com/akeneo/pim-community-dev/blob/master/CHANGELOG-1.4.md#bug-fixes", "name": "https://github.com/akeneo/pim-community-dev/blob/master/CHANGELOG-1.4.md#bug-fixes", "tags": ["Patch", "Release Notes", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://github.com/akeneo/pim-community-dev/blob/1.5/CHANGELOG-1.5.md#bug-fixes-2", "name": "https://github.com/akeneo/pim-community-dev/blob/1.5/CHANGELOG-1.5.md#bug-fixes-2", "tags": ["Patch", "Release Notes", "Third Party Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-78"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-1000009", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2017-07-17T13:18Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.0:-:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.0:beta1:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.0:beta2:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.0:beta3:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.0:rc1:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.1:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.2:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.3:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.4:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.5:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.6:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.7:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.8:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.9:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.10:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.11:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.12:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.13:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.14:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.15:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.16:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.17:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.18:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.19:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.20:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.21:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.22:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.23:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.24:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.25:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.26:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.27:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.0:-:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.0:alpha1:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.0:beta1:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.0:rc1:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.1:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.2:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.3:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.4:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.5:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.6:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.7:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.8:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.9:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.10:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.11:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.12:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.13:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.14:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.0:-:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.0:alpha1:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.0:alpha2:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.0:rc1:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.1:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.2:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.3:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.4:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.5:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.0:-:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.0:beta1:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.0:beta2:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.0:beta3:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.0:rc1:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.1:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.2:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.3:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.4:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.5:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.6:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.7:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.8:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.9:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.10:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.11:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.12:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.13:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.14:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.15:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.16:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.17:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.18:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.19:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.20:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.21:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.22:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.23:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.24:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.25:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.26:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.4.27:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.0:-:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.0:alpha1:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.0:beta1:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.0:rc1:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.1:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.2:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.3:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.4:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.5:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.6:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.7:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.8:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.9:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.10:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.11:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.12:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.13:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.5.14:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.0:-:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.0:alpha1:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.0:alpha2:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.0:rc1:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.1:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.2:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.3:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.4:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:akeneo:product_information_management:1.6.5:*:*:*:community:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-08-05T16:52Z"}