CVE-2014-6222

CVE-2014-6222

EPSS 1.5%

Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://www-01.ibm.com/support/docview.wss?uid=swg1PO02715 http://www-01.ibm.com/support/docview.wss?uid=swg1PO03923 http://www-01.ibm.com/support/docview.wss?uid=swg1PO04455 http://www-01.ibm.com/support/docview.wss?uid=swg21902933