Vulnerability Description
Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sos | Jobscheduler | <= 1.6.4131 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.htmlExploit
- http://www.christian-schneider.net/advisories/CVE-2014-5393.txtExploit
- http://www.securityfocus.com/archive/1/533373/100/0/threaded
- http://www.sos-berlin.com/modules/news/article.php?storyid=73Vendor Advisory
- http://www.sos-berlin.com/modules/news/article.php?storyid=74Vendor Advisory
- https://change.sos-berlin.com/browse/JS-1205
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95796
- http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.htmlExploit
- http://www.christian-schneider.net/advisories/CVE-2014-5393.txtExploit
- http://www.securityfocus.com/archive/1/533373/100/0/threaded
- http://www.sos-berlin.com/modules/news/article.php?storyid=73Vendor Advisory
- http://www.sos-berlin.com/modules/news/article.php?storyid=74Vendor Advisory
- https://change.sos-berlin.com/browse/JS-1205
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95796
FAQ
What is CVE-2014-5393?
CVE-2014-5393 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission t...
How severe is CVE-2014-5393?
CVE-2014-5393 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5393?
Check the references section above for vendor advisories and patch information. Affected products include: Sos Jobscheduler.