CVE-2023-38366

Name of the Vulnerable Software and Affected Versions IBM Filenet Content Manager Component versions 5.5.8.0 through 5.5.11.0

Description The issue is related to incorrect restriction of a directory path name with limited access. This could allow a remote attacker to traverse directories on the system by sending a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Recommendations For versions 5.5.8.0 through 5.5.11.0, consider restricting access to the affected component until a patch is available. As a temporary workaround, avoid using URL requests containing "dot dot" sequences (/../) in the affected API endpoint until the issue is resolved.