NVD Vulnerability Detail

CVE-2014-5393

Summary	Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors.
Publication Date	Sept. 12, 2014, 12:55 a.m.
Registration Date	Jan. 26, 2021, 3:14 p.m.
Last Update	Nov. 21, 2024, 11:11 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html	Exploit
2	http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html	Exploit
3	http://www.christian-schneider.net/advisories/CVE-2014-5393.txt	Exploit
4	http://www.christian-schneider.net/advisories/CVE-2014-5393.txt	Exploit
5	http://www.securityfocus.com/archive/1/533373/100/0/threaded
6	http://www.securityfocus.com/archive/1/533373/100/0/threaded
7	http://www.sos-berlin.com/modules/news/article.php?storyid=73	Vendor Advisory
8	http://www.sos-berlin.com/modules/news/article.php?storyid=73	Vendor Advisory
9	http://www.sos-berlin.com/modules/news/article.php?storyid=74	Vendor Advisory
10	http://www.sos-berlin.com/modules/news/article.php?storyid=74	Vendor Advisory
11	https://change.sos-berlin.com/browse/JS-1205
12	https://change.sos-berlin.com/browse/JS-1205
13	https://exchange.xforce.ibmcloud.com/vulnerabilities/95796
14	https://exchange.xforce.ibmcloud.com/vulnerabilities/95796

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html

JVN Vulnerability Information

SOS JobScheduler の JobScheduler Operations Center におけるディレクトリトラバーサルの脆弱性

Title	SOS JobScheduler の JobScheduler Operations Center におけるディレクトリトラバーサルの脆弱性
Summary	SOS JobScheduler の JobScheduler Operations Center (JOC) には、ディレクトリトラバーサルの脆弱性が存在します。
Possible impacts	info パーミッションを持つリモート認証されたユーザにより、webroot の任意のファイルを読まれる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 2, 2014, midnight
Registration Date	Sept. 12, 2014, 2:21 p.m.
Last Update	Sept. 12, 2014, 2:21 p.m.

Affected System

Software- und Organisations-Service

JobScheduler 1.6.4246 未満

JobScheduler 1.7.4241 未満の 1.7.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-5393	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5393
National Vulnerability Database (NVD)
2	CVE-2014-5393	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5393

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-22	https://jvndb.jvn.jp/ja/cwe/CWE-22.html

ベンダー情報

No	Name	URL
SOS GmbH News
1	Product Development News : Vulnerability Maintenance Release for JobScheduler 1.6	http://www.sos-berlin.com/modules/news/article.php?storyid=74
2	Product Development News : Vulnerability Maintenance Release for JobScheduler 1.7	http://www.sos-berlin.com/modules/news/article.php?storyid=73
SOS JIRA
3	Path Traversal Vulnerability (CVE-2014-5393)	https://change.sos-berlin.com/browse/JS-1205

Change Log

No	Changed Details	Date of change
0	[2014年09月12日] 掲載	Feb. 17, 2018, 10:37 a.m.