Описание
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019.
Ссылки
- VDB EntryVendor Advisory
- PatchVendor Advisory
- VDB EntryVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 10.1.0 (включая) до 10.1.5 (включая)
Одновременно
cpe:2.3:a:ibm:spectrum_protect_plus:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00429
Низкий
5.4 Medium
CVSS3
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019.
EPSS
Процентиль: 62%
0.00429
Низкий
5.4 Medium
CVSS3
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-22