CVE-2014-5393 : Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in

Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors.

Published 2014-09-11 15:55:05

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Products affected by CVE-2014-5393

SOS » Jobscheduler
Versions up to, including, (<=) 1.6.4131
cpe:2.3:a:sos:jobscheduler:*:*:*:*:*:*:*:*
Matching versions
SOS » Jobscheduler » Version: 1.6.4043
cpe:2.3:a:sos:jobscheduler:1.6.4043:*:*:*:*:*:*:*
Matching versions
SOS » Jobscheduler » Version: 1.7.4177
cpe:2.3:a:sos:jobscheduler:1.7.4177:*:*:*:*:*:*:*
Matching versions
SOS » Jobscheduler » Version: 1.7.4189
cpe:2.3:a:sos:jobscheduler:1.7.4189:*:*:*:*:*:*:*
Matching versions
SOS » Jobscheduler » Version: 1.6.4014
cpe:2.3:a:sos:jobscheduler:1.6.4014:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-5393

EPSS FAQ

0.53%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 65 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-5393

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2014-5393

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-5393

http://packetstormsecurity.com/files/128192/JobScheduler-Path-Traversal.html

JobScheduler Path Traversal ≈ Packet Storm
Exploit
http://www.sos-berlin.com/modules/news/article.php?storyid=73

403 Forbidden
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/archive/1/533373/100/0/threaded

SecurityFocus
http://www.sos-berlin.com/modules/news/article.php?storyid=74

403 Forbidden
Vendor Advisory

CVEs referencing this url
http://www.christian-schneider.net/advisories/CVE-2014-5393.txt

Exploit
https://change.sos-berlin.com/browse/JS-1205

[JS-1205] Path Traversal Vulnerability (CVE-2014-5393) - SOS JIRA
https://exchange.xforce.ibmcloud.com/vulnerabilities/95796

SOS GmbH JobScheduler directory traversal CVE-2014-5393 Vulnerability Report

Jump to

Vulnerability Details : CVE-2014-5393

Products affected by CVE-2014-5393

Exploit prediction scoring system (EPSS) score for CVE-2014-5393

CVSS scores for CVE-2014-5393

CWE ids for CVE-2014-5393

References for CVE-2014-5393