Vulnerabilities (CVE)

Filtered by vendor Rocketsoftware Subscribe
Filtered by product Rocket Servergraph
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-3914 1 Rocketsoftware 1 Rocket Servergraph 2024-02-04 10.0 HIGH N/A
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
CVE-2014-3915 1 Rocketsoftware 1 Rocket Servergraph 2024-02-04 10.0 HIGH N/A
The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command.