CVE-2014-6222

Name of the Vulnerable Software and Affected Versions IBM Marketing Operations versions 7.x through 8.5.0.7.1 IBM Marketing Operations versions 8.6.x through 8.6.0.7 IBM Marketing Operations versions 9.0.x through 9.0.0.4 IBM Marketing Operations versions 9.1.0.x through 9.1.0.4 IBM Marketing Operations versions 9.1.1.x through 9.1.1.1

Description The issue allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. This is a result of a directory traversal vulnerability.

Recommendations For IBM Marketing Operations versions 7.x through 8.5.0.7.1, update to version 8.5.0.7.2 or later. For IBM Marketing Operations versions 8.6.x through 8.6.0.7, update to version 8.6.0.8 or later. For IBM Marketing Operations versions 9.0.x through 9.0.0.4, update to version 9.0.0.4.1 or later. For IBM Marketing Operations versions 9.1.0.x through 9.1.0.4, update to version 9.1.0.5 or later. For IBM Marketing Operations versions 9.1.1.x through 9.1.1.1, update to version 9.1.1.2 or later.