CVE-2016-2914

MEDIUM

IBM Engineering Lifecycle Optimizatio... - Unrestricted File Upload

Title source: rule

Description

Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension.

References (2)

[Patch, Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21988263

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92334

Scores

CVSS v3 5.4

EPSS 0.0113

EPSS Percentile 78.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Classification

CWE

CWE-434

Status draft

Affected Products (1)

ibm/engineering_lifecycle_optimization_-_publishing

Timeline

Published Aug 08, 2016

Tracked Since Feb 18, 2026