CVE-2012-2202

Sažetak

Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter.

Reference

http://secunia.com/advisories/49897
http://www.kb.cert.org/vuls/id/659791
http://www-01.ibm.com/support/docview.wss?uid=swg21605630
https://exchange.xforce.ibmcloud.com/vulnerabilities/76801

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

22-12-2017 - 02:29

Objavljeno

27-07-2012 - 10:27