CVE-2012-1196

Name of the Vulnerable Software and Affected Versions Lenovo ThinkManagement Console version 9.0.3

Description A directory traversal issue exists in the VulCore web service, allowing remote attackers to delete arbitrary files. This is achieved by including a .. (dot dot) in the filename parameter within a SetTaskLogByFile SOAP request to the 'WSVulnerabilityCore/VulCore.asmx' endpoint.

Recommendations For Lenovo ThinkManagement Console version 9.0.3, restrict access to the VulCore web service to minimize the risk of exploitation. Avoid using the filename parameter in the SetTaskLogByFile SOAP request to the 'WSVulnerabilityCore/VulCore.asmx' endpoint until the issue is resolved.