PT-2025-6726 · Ibm · Ibm Hardware Management Console
Published
2025-02-14
·
Updated
2025-08-18
·
CVE-2024-56477
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Power Hardware Management Console version 10.3.1050.0
Description
The issue allows an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Recommendations
For IBM Power Hardware Management Console version 10.3.1050.0, consider restricting access to sensitive files and directories until a patch is available. As a temporary workaround, avoid using URL requests that contain "dot dot" sequences (/../) to prevent directory traversal.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Hardware Management Console