PT-2017-16369 · Micro Focus · Open Enterprise Server

Published: 2017-01-23 · Updated: 2020-02-24 · CVE-2017-5182

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Open Enterprise Server (OES) versions prior to OES2015 SP1 Maintenance Update 11080
Open Enterprise Server (OES) versions prior to OES2015 Maintenance Update 11079
Open Enterprise Server (OES) versions prior to OES11 SP3 Maintenance Update 11078
Open Enterprise Server (OES) versions prior to OES11 SP2 Maintenance Update 11077

Description

The issue allows unauthenticated remote attackers to read any arbitrary file via a specially crafted URL, enabling complete directory traversal and total information disclosure.

Recommendations

For OES2015 SP1, apply Maintenance Update 11080 to resolve the issue.
For OES2015, apply Maintenance Update 11079 to resolve the issue.
For OES11 SP3, apply Maintenance Update 11078 to resolve the issue.
For OES11 SP2, apply Maintenance Update 11077 to resolve the issue.

Fix

Information Disclosure

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2017-5182

Affected Products

Open Enterprise Server