CVE-2005-1244

Name of the Vulnerable Software and Affected Versions: NetIQ Security Manager (affected versions not specified) iSeries Security Solutions (affected versions not specified)

Description: A directory traversal issue in a third-party tool used to secure the iSeries AS/400 FTP server may allow remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request to the "/api/ftp" endpoint, for example, using the filename variable. However, the vendor has disputed this issue, stating that neither NetIQ Security Manager nor their iSeries Security Solutions are vulnerable.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.