CVE-2014-6158 Information

Description

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10 1.1 before 1.1.0.5 and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package (2) Add-On or (3) Emergency Fixes component.

Reference

http://secunia.com/advisories/61956 http://secunia.com/advisories/62032 http://www-01.ibm.com/support/docview.wss?uid=swg21693292 http://www-01.ibm.com/support/docview.wss?uid=swg21693440 https://exchange.xforce.ibmcloud.com/vulnerabilities/97707