PT-2015-3824 · Ibm · Ibm Infosphere Optim Performance Manager For Db2+1
Published
2015-02-13
·
Updated
2017-09-08
·
CVE-2014-6154
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Optim Performance Manager for DB2 versions 4.1.0.1 through 4.1.1
IBM InfoSphere Optim Performance Manager for DB2 versions 5.1 through 5.3.1
Description
The issue allows remote attackers to access arbitrary files via a .. (dot dot) in a URL, due to a directory traversal vulnerability.
Recommendations
For IBM Optim Performance Manager for DB2 versions 4.1.0.1 through 4.1.1, update to a version outside of this range to resolve the issue.
For IBM InfoSphere Optim Performance Manager for DB2 versions 5.1 through 5.3.1, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Infosphere Optim Performance Manager For Db2
Ibm Optim Performance Manager For Db2