CVE-2014-5470

high-risk

Published 2024-06-21

Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation.

Do I need to act?

78.1% chance of exploitation in next 30 days

EPSS score — higher than 22% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

35549

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

References (4)

https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=35549

https://www.exploit-db.com/exploits/35549

https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=35549

https://www.exploit-db.com/exploits/35549

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 27/34 · High

Exposure 5/34 · Minimal