CVE-2010-4622

Name of the Vulnerable Software and Affected Versions IBM Tivoli Access Manager for e-business version 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX

Description The issue allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI, which is a directory traversal vulnerability in WebSEAL.

Recommendations For IBM Tivoli Access Manager for e-business version 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX, update to version 6.1.1-TIV-AWS-FP0001 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.