Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-3914

EPSS 83.66% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-3914

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rocket Servergraph 目录遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rocket ServerGraph是美国Rocket公司的一套企业级基于Web的用于数据备份和数据恢复的图表自动化管理软件。该软件支持管理备份计划、监控存储设备的使用情况和负载等。 Rocket ServerGraph 1.2版本的Admin Center for Tivoli Storage Manager (TSM)的fileRequestor servlet中存在目录遍历漏洞。远程攻击者可通过readDataFile命令利用该漏洞读取任意文件;通过del命令利用该漏洞删除任意文件;通过run和ru
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2014-3914

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2014-3914

登录查看更多情报信息。

Same Patch Batch · n/a · 2014-08-07 · 25 CVEs total

CVE-2014-3853Pyplate 信息泄露漏洞
CVE-2014-5195Canonical Unity 竞争条件漏洞
CVE-2014-5194Sphider 代码注入漏洞
CVE-2014-5193Sphider 跨站脚本漏洞
CVE-2014-5192Sphider SQL注入漏洞
CVE-2014-5191CKEditor Preview插件跨站脚本漏洞
CVE-2014-5190WordPress SI CAPTCHA Anti-Spam插件跨站脚本漏洞
CVE-2014-5189WordPress Lead Octopus Power ‘id’参数SQL注入漏洞
CVE-2014-5188AOL Lyris ListManager ‘doemailpassword.tml’ 跨站脚本漏洞
CVE-2014-4647Embarcadero ER/Studio Data Architect ActiveX 基于栈的缓冲区溢出漏洞
CVE-2014-3855Pyplate 目录遍历漏洞漏洞
CVE-2014-3854Pyplate‘addScript.py’跨站请求伪造漏洞
CVE-2013-6771Splunk 目录遍历漏洞
CVE-2014-3852Pyplate HTTPOnly Cookie Flag 信息泄露漏洞
CVE-2014-3851Pyplate 信息泄露漏洞
CVE-2014-3800XBMC 权限许可和访问控制漏洞
CVE-2014-3774TeamPass 跨站脚本漏洞
CVE-2014-3773TeamPass SQL注入漏洞
CVE-2014-3772TeamPass 权限许可和访问控制漏洞
CVE-2014-3771TeamPass 权限许可和访问控制漏洞

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2014-3914

No comments yet

Leave a comment