PT-2016-6759 · IBM+1 · IBM Tivoli Lightweight Infrastructure+5

Published: 2016-09-22 · Updated: 2017-07-30 · CVE-2016-6038

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Tivoli Lightweight Infrastructure (LWI) versions in AIX 5.3, 6.1, and 7.1
IBM System Director Console for AIX (pconsole) (affected versions not specified)
Web Based System Management Remote Client (WebSM Remote) (affected versions not specified)

Description

A directory traversal issue in the Eclipse Help component allows remote authenticated users to read arbitrary files via a crafted URL.

Recommendations

For IBM Tivoli Lightweight Infrastructure (LWI) in AIX 5.3, 6.1, and 7.1, restrict access to the Eclipse Help component until a fix is available.
For IBM System Director Console for AIX (pconsole), consider disabling remote access to the Eclipse Help component as a temporary workaround.
For Web Based System Management Remote Client (WebSM Remote), avoid using the vulnerable Eclipse Help component until the issue is resolved.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2016-6038

Affected Products

AIX
Eclipse Help
IBM AIX
IBM System Director Console for AIX
IBM Tivoli Lightweight Infrastructure
Web Based System Management Remote Client