Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3914 | 1 Rocketsoftware | 1 Rocket Servergraph | 2014-08-07 | 10.0 HIGH | N/A |
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet. | |||||
CVE-2014-3915 | 1 Rocketsoftware | 1 Rocket Servergraph | 2014-06-12 | 10.0 HIGH | N/A |
The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command. |