CVE-2014-3914
EXPLOITED
Rocket ServerGraph 1.2 - Path Traversal
Title source: llm
Description
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/33807
metasploit
WORKING POC
GREAT
ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rocket_servergraph_file_requestor_rce.rb
References (6)
Scores
EPSS
0.8366
EPSS Percentile
99.3%
Details
VulnCheck KEV
2020-12-01
CWE
CWE-22
Status
published
Products (1)
rocketsoftware/rocket_servergraph
1.2
Published
Aug 07, 2014
Tracked Since
Feb 18, 2026