PT-2020-7560 · Supermicro · Supermicro Ipmi
Published: 2020-01-23 · Updated: 2020-02-04
CVE-2013-6785
CVSS v2.0: 4.0 (Medium)
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Supermicro IPMI versions prior to SMT X9 315
Description:
The issue allows authenticated attackers to read arbitrary files. This is achieved via the url_name parameter in the url_redirect.cgi file.
Recommendations:
For versions prior to SMT X9 315, update to SMT X9 315 or later to resolve the issue. As a temporary workaround, consider restricting access to the url_redirect.cgi file until a patch is available. Avoid using the url_name parameter in the affected API endpoint until the issue is resolved.
Fix
Path traversal
Affected Products
Supermicro Ipmi