Description

Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, and 6.1.1 before 6.1.1-TIV-AWS-FP0001 has unspecified impact and attack vectors.

Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.

Remediation

Update to the latest version of IBM Tivoli Access Manager.

References

CVE-2011-0494

CVE-2010-4622

Related Vulnerabilities

WordPress Plugin NextGEN Gallery-WordPress Gallery Directory Traversal (2.0.0)

WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Directory Traversal (6.45)

WordPress Plugin Cross-RSS Directory Traversal (1.7)

WordPress Plugin GD Rating System Multiple Vulnerabilities (2.3)

Cisco Adaptive Security Appliance (ASA) Path Traversal (CVE-2018-0296)

Severity

High

Classification

CVE-2010-4622 CVE-2011-0494 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Directory Traversal Known Vulnerabilities