Описание
IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196.
Ссылки
- VDB EntryVendor Advisory
- Vendor Advisory
- VDB EntryVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 4.2.0 (включая) до 4.2.0.2 (исключая)
Одновременно
cpe:2.3:a:ibm:security_guardium_key_lifecycle_manager:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00055
Низкий
4.3 Medium
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 4.3
github
около 2 лет назад
IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196.
EPSS
Процентиль: 17%
0.00055
Низкий
4.3 Medium
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-22