Description

Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, and 6.1.1 before 6.1.1-TIV-AWS-FP0001 has unspecified impact and attack vectors.

Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.

Remediation

Update to the latest version of IBM Tivoli Access Manager.

References

CVE-2011-0494

CVE-2010-4622

Related Vulnerabilities

WordPress Plugin Vmax Project Manager Local File Inclusion (1.1)

Drupal Core 8.9.x Directory Traversal (8.9.0 - 8.9.16)

WordPress Plugin WP-Lister Lite for eBay Directory Traversal (2.0.20)

WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1)

WordPress Plugin Smush Image Compression and Optimization Directory Traversal (2.7.5)

Severity

High

Classification

CVE-2010-4622 CVE-2011-0494 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Directory Traversal Known Vulnerabilities