Описание
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.
Ссылки
- VDB EntryVendor Advisory
- PatchVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- VDB EntryVendor Advisory
- PatchVendor Advisory
- US Government Resource
Уязвимые конфигурации
EPSS
4.3 Medium
CVSS3
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
Связанные уязвимости
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535.
Уязвимость приложения для выявления, анализа и визуализация бизнес-рисков IBM Data Risk Manager, связанная с недостатками проверки имени пути к каталогу с ограниченным доступом, позволяющая нарушителю записывать произвольные файлы
EPSS
4.3 Medium
CVSS3
4.3 Medium
CVSS3
4 Medium
CVSS2