PT-2015-3824 · Ibm · Ibm Infosphere Optim Performance Manager For Db2+1

Publicado

2015-02-13

·

Atualizado

2017-09-08

·

CVE-2014-6154

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions IBM Optim Performance Manager for DB2 versions 4.1.0.1 through 4.1.1 IBM InfoSphere Optim Performance Manager for DB2 versions 5.1 through 5.3.1
Description The issue allows remote attackers to access arbitrary files via a .. (dot dot) in a URL, due to a directory traversal vulnerability.
Recommendations For IBM Optim Performance Manager for DB2 versions 4.1.0.1 through 4.1.1, update to a version outside of this range to resolve the issue. For IBM InfoSphere Optim Performance Manager for DB2 versions 5.1 through 5.3.1, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2014-6154

Produtos afetados

Ibm Infosphere Optim Performance Manager For Db2
Ibm Optim Performance Manager For Db2