CVE-2020-4776

Опубликовано: 12 окт. 2020

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in URL request to view arbitrary files on the system. IBM X-Force ID: 189154.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/189154
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6346573
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/189154
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6346573
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:curam_social_program_management:7.0.9.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:curam_social_program_management:7.0.10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00566

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-5wqj-3mhr-wm77

github

больше 3 лет назад

EPSS

Процентиль: 68%

0.00566

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22