Ibm · Ibm Tealeaf Customer Experience · CVE-2017-1279
Name of the Vulnerable Software and Affected Versions:
IBM Tealeaf Customer Experience versions 8.7 through 9.0.2
Description:
The issue allows a remote attacker to traverse directories on the system by sending a specially-crafted URL request containing `dot dot` sequences (`/../`) to view arbitrary files on the system.
Recommendations:
For versions 8.7 through 9.0.2, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability to send specially-crafted URL requests to the system.