CVE-2018-15138

Name of the Vulnerable Software and Affected Versions Ericsson-LG iPECS NMS version 30M

Description The issue allows directory traversal via /ipecs-cm/download?filename=../ URIs. This could potentially allow access to sensitive files or data.

Recommendations For Ericsson-LG iPECS NMS version 30M, consider restricting access to the /ipecs-cm/download API endpoint to minimize the risk of exploitation. Avoid using the filename parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.