Описание
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Одновременно
Одно из
Одно из
EPSS
5.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
Связанные уязвимости
IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files.
Уязвимость веб-интерфейса платформ управления рисками на предприятии IBM OpenPages и IBM OpenPages with Watson, позволяющая нарушителю записывать/перезаписывать произвольные файлы
EPSS
5.3 Medium
CVSS3
6.5 Medium
CVSS3