CVE-2017-14614

Published Oct 10, 2017
Last updated 7 years ago
CVSS medium 6.5
Overview

Description: Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-22
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.0:ea1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEE026BE-B861-45D6-948E-909BC374B03D"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.0:ea2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "567AE911-AABC-4367-8542-410079FED48A"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.0:ea3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C7656B1-21E9-4848-94F2-1E39B20E1A89"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.0:ea4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05A94CCD-E824-4D7C-BDF3-ACF945B291CB"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.0:ea5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55F832FC-F534-4DC9-9164-24B3F64C0900"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "837DEF09-1970-47F8-91A2-BB99C86270A7"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "404FE7FF-F949-4ED4-8934-72877B9397A0"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68CBDF33-68BF-40C8-863E-FB28859C06D0"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5396510A-ABF4-44C8-B158-199289B2A49F"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F8D9C68-5A63-4115-BF7B-9A618C3C4E89"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D9D01D4-7B55-48A3-B723-B5212DA7C614"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D599A9AA-D7F1-4BAC-9912-FEFD20CF8F0A"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F13D33AF-3A67-4C1A-BF32-EC4D87E43B71"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2C02CD3-16E7-4D69-B88A-190B20C90AE5"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C9D3AE3-0AE1-4BC0-AB69-33470A59DBE0"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.2:ea1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF00818E-7760-48BC-B3BE-DB7ECE74548C"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.2:ea2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67448CF4-086C-4E1C-9CB7-C858A4A2A26A"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.2:ea3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC4C7C75-A3B3-4C4B-B591-E8274CCBB11E"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DA1ADF6-84C8-4E8D-89FA-64B8405EF6AB"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "454E3093-A1B0-4ADE-8502-AA20E29A1B30"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C9D21FD-630A-40A2-B926-38DE9B1B3F4E"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "014A03DD-E456-49F6-904E-226AE6B6A4FF"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD8D2EE9-2975-42E5-9E9D-0EE0191E656A"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EE5C6CB-B574-4E1D-B109-D791E0610681"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75CA572A-040C-4EC2-B9C7-8B251B9773A2"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C129537-040D-493C-950A-363753858D25"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E48F248E-EF59-42D5-9EC5-5CB73FC597C2"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF36FEA1-5043-4DE9-B0C6-E921B6BDBEFD"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "694C284B-FB35-4EEC-B5D2-47EFB797DEE2"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6B57D14-EDA9-490E-A8DC-EB0F97FA1944"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4465392E-3A19-44D4-9A94-06694C003166"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D00BBEBF-4BA5-4900-9F26-D59D8E28CD8E"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EBE292F-3E39-4003-A83E-729A80D1A2BE"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F93FAE54-5BA1-4C0B-B60B-0AF2D53B991D"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.4:ea1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11A753C1-A7D1-4350-BCB7-59C6F4ECA150"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0669B37-D33A-43F2-B6DF-E103D3124EF0"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82AE91AD-529D-4917-9E2D-45C0B9B44CE8"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6EF0C8F-6F7B-464D-92F3-84E056C0E8E3"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.3:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7756B5B-9C0F-432B-9A3F-32024AAC452F"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.3:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6478DCD7-140F-45D8-94AC-C4073E5790B0"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.3:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFFD1396-E045-4CCF-BF1F-7A631F4CD392"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.3:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "374C883B-A463-4F06-BAF2-A5C8774A32E9"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.3:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C70AFDA-0E9A-4BC2-8018-1C94B259BCA2"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25CAF1B8-7D55-47D6-8848-11A9679B8B76"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.4:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F516C9D0-C623-495D-BAC8-128E8773A5EC"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.4:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83059703-476C-4319-95CC-A1D2E786C003"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.4:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A870CE2-787D-43C7-9245-644E71BBFFE6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA0350A5-3515-4F32-8FD3-57E41A33FD9E"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65B95F28-C70E-4330-91C7-6DD7D2668DBE"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.9.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "101B7478-A7C7-4743-9A2F-BD42581603EC"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1084DE79-3480-4923-A97D-9E72ECCAB2D0"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.9.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F647F0AB-C9AA-428E-873E-4D824CADC710"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.9.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D87992D8-B0EC-4447-8DA0-B7C9DC54983F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1647DCC-E58C-4440-BEBD-C3E99427427F"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72958D44-1C80-4DB3-90A7-2A110D428458"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D1FDC52-6C37-47B6-B0F9-5E0B36A7CA8E"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "184592C2-FA6B-41ED-A9CF-04411B067890"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97BEF2F5-E451-474C-A989-4CC1C39B0FB8"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "358317C3-0549-4834-9B1D-7C86835553DE"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43C788A7-422E-4F50-B8DE-F350E3B15957"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14E77D43-C72C-45A0-98E0-0337210CCB05"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9493CF1-1F27-45BF-B005-232538E3FA09"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D87160D9-0CBC-4835-88D9-B1D095F64D38"
          },
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "444AD396-1D44-4477-8FAF-C6AAB113285F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gridgain:gridgain:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1693679A-1AE5-4586-8908-F89D37F4425F",
            "versionEndIncluding": "1.7.15"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
