CVE-2024-41765

Name of the Vulnerable Software and Affected Versions IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 through 7.0.3

Description The issue allows a remote attacker to traverse directories on the system by sending a specially crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system. This enables an attacker to access files outside the intended directory.

Recommendations For versions 7.0.2 and 7.0.3, consider restricting access to the system until a patch is available. As a temporary workaround, avoid using URL requests that contain dot dot sequences (/../) to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.