CVE-2018-1797

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 7.0 through 9.0

Description The issue allows a local attacker to traverse directories on the system by exploiting a "Zip-Slip" vulnerability. This can be achieved by persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences (../), which could then be used to write to arbitrary files on the system.

Recommendations For IBM WebSphere Application Server versions 7.0 through 9.0, consider restricting the extraction of ZIP archives to prevent directory traversal until a fix is available. As a temporary workaround, avoid extracting ZIP archives from untrusted sources to minimize the risk of exploitation.