mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-09-17 18:45:49 +00:00
210 lines
6.4 KiB
JSON
210 lines
6.4 KiB
JSON
{
|
|
"id": "CVE-2014-8871",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2017-08-28T15:29:00.563",
|
|
"lastModified": "2024-11-21T02:19:52.480",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Existe una vulnerabilidad de salto de directorio en la suite de software de hybris Commerce en sus versiones 5.0.3.3 y anteriores, 5.0.0.3 y anteriores, 5.0.4.4 y anteriores, 5.1.0.1 y anteriores, 5.1.1.2 y anteriores, 5.2.0.3 y anteriores y 5.3.0.1 y anteriores."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
|
"baseScore": 5.0,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-22"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:hybris:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.0.0",
|
|
"versionEndIncluding": "5.0.0.3",
|
|
"matchCriteriaId": "BD7158AF-1315-4437-914B-22221C30ED23"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:hybris:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.0.3",
|
|
"versionEndIncluding": "5.0.3.3",
|
|
"matchCriteriaId": "8853F2C9-81F7-49C3-A970-907359740A23"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:hybris:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.0.4",
|
|
"versionEndIncluding": "5.0.4.4",
|
|
"matchCriteriaId": "5C268A64-E712-46FC-B6EB-1785FFAE8AA7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:hybris:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.1.0",
|
|
"versionEndIncluding": "5.1.0.1",
|
|
"matchCriteriaId": "C5B9FEE6-8E2B-40FB-AAD0-1C7ED3351E7A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:hybris:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.1.1",
|
|
"versionEndIncluding": "5.1.1.2",
|
|
"matchCriteriaId": "0701DC02-A122-47DA-9E39-548F1FD868B8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:hybris:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.2.0",
|
|
"versionEndIncluding": "5.2.0.3",
|
|
"matchCriteriaId": "A66B8CB1-ADCA-4F7E-AD69-C9F102B3C58B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sap:hybris:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.3.0",
|
|
"versionEndIncluding": "5.3.0.1",
|
|
"matchCriteriaId": "2535B4BD-C4F1-48EB-B2F7-B630B5B0FA14"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://packetstormsecurity.com/files/130444/Hybris-Commerce-Software-Suite-5.x-File-Disclosure-Traversal.html",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit",
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://seclists.org/fulldisclosure/2015/Feb/63",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit",
|
|
"Mailing List",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/534722/100/1600/threaded",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/72681",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://packetstormsecurity.com/files/130444/Hybris-Commerce-Software-Suite-5.x-File-Disclosure-Traversal.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Exploit",
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://seclists.org/fulldisclosure/2015/Feb/63",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Exploit",
|
|
"Mailing List",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/534722/100/1600/threaded",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/72681",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
}
|
|
]
|
|
} |