CVE-2011-1654

{"id": "CVE-2011-1654", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-04-18T15:00:43.390", "references": [{"url": "http://secunia.com/advisories/44097", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1025353", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/517488/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/47357", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2011/0977", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-126/", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66726", "source": "cve@mitre.org"}, {"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en Heartbeat Web Service de CA.Itm.Server.ManagementWS.dll en Management Server de CA Total Defense (TD) r12 antes de SE2, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de secuencias de salto de directorio en el par\u00e1metro GUID en una solicitud de carga a FileUploadHandler.ashx."}], "lastModified": "2023-11-07T02:07:04.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:total_defense:r12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAD87D20-B6C6-4D48-BEF7-5960AB2060D0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}