CVE-2023-24960

Name of the Vulnerable Software and Affected Versions IBM InfoSphere Information Server version 11.7

Description The issue allows a remote attacker to traverse directories on the system by sending a specially crafted URL request containing dot dot sequences (../) to view arbitrary files on the system.

Recommendations For IBM InfoSphere Information Server version 11.7, consider restricting access to sensitive files and directories to minimize the risk of exploitation. As a temporary workaround, limit the ability to send specially crafted URL requests to prevent directory traversal. At the moment, there is no information about a newer version that contains a fix for this vulnerability.