{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-29T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187340"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://access.redhat.com/security/cve/cve-2014-8163"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:10:51.110Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187340"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2014-8163"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8163", "datePublished": "2017-08-28T19:00:00", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2024-08-06T13:10:51.110Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE6BFE59-8452-45DF-A6DD-75EACE54E180", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5."}, {"lang": "es", "value": "Existe una vulnerabilidad de salto de directorio en la interfaz XMLRPC en Red Hat Satellite 5."}], "id": "CVE-2014-8163", "lastModified": "2017-09-05T18:21:27.977", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-28T19:29:00.400", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/cve-2014-8163"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "VDB Entry", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187340"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Travis Emmert for reporting this issue.", "bugzilla": {"description": "Satellite5: upload_crash_file and upload_result directory traversal", "id": "1187340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187340"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "status": "draft"}, "cwe": "CWE-22", "details": ["Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.", "It was found that an XMLRPC interface exposed by Satellite could allow an attacker to write arbitrary files and directories under the /var/satellite directory on the Satellite server."], "name": "CVE-2014-8163", "package_state": [{"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Affected", "package_name": "Security", "product_name": "Red Hat Satellite 5"}], "public_date": "2015-03-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-8163\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8163"], "threat_severity": "Moderate"}