Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2005-2619

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Feb, 2006 | 00:00
Updated At-07 Aug, 2024 | 22:30
Rejected At-
Credits

Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Feb, 2006 | 00:00
Updated At:07 Aug, 2024 | 22:30
Rejected At:
▼CVE Numbering Authority (CNA)

Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/0500
vdb-entry
x_refsource_VUPEN
http://www.osvdb.org/23066
vdb-entry
x_refsource_OSVDB
http://www.securityfocus.com/archive/1/424717/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://securitytracker.com/id?1015657
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/16576
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/24637
vdb-entry
x_refsource_XF
http://secunia.com/advisories/16100
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/secunia_research/2005-30/advisory/
x_refsource_MISC
http://secunia.com/secunia_research/2005-66/advisory/
x_refsource_MISC
http://secunia.com/advisories/16280
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2006/0500
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.osvdb.org/23066
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.securityfocus.com/archive/1/424717/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://securitytracker.com/id?1015657
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/16576
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/24637
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/16100
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/secunia_research/2005-30/advisory/
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/secunia_research/2005-66/advisory/
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/16280
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2006/0500
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.osvdb.org/23066
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.securityfocus.com/archive/1/424717/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://securitytracker.com/id?1015657
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/16576
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/24637
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/16100
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/secunia_research/2005-30/advisory/
x_refsource_MISC
x_transferred
http://secunia.com/secunia_research/2005-66/advisory/
x_refsource_MISC
x_transferred
http://secunia.com/advisories/16280
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/0500
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.osvdb.org/23066
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/424717/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://securitytracker.com/id?1015657
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/16576
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/24637
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/16100
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/secunia_research/2005-30/advisory/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/secunia_research/2005-66/advisory/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/16280
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:31 Dec, 2005 | 05:00
Updated At:03 Apr, 2025 | 01:03

Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
autonomy
autonomy
>>keyview_export_sdk>>*
cpe:2.3:a:autonomy:keyview_export_sdk:*:*:*:*:*:*:*:*
autonomy
autonomy
>>keyview_filter_sdk>>*
cpe:2.3:a:autonomy:keyview_filter_sdk:*:*:*:*:*:*:*:*
autonomy
autonomy
>>keyview_viewer_sdk>>*
cpe:2.3:a:autonomy:keyview_viewer_sdk:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>lotus_notes>>6.0.1
cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>lotus_notes>>6.0.2
cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*
IBM Corporation
ibm
>>lotus_notes>>6.0.3
cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*
IBM Corporation
ibm
>>lotus_notes>>6.0.4
cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*
IBM Corporation
ibm
>>lotus_notes>>6.0.5
cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*
IBM Corporation
ibm
>>lotus_notes>>6.5
cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
IBM Corporation
ibm
>>lotus_notes>>6.5.1
cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>lotus_notes>>6.5.2
cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*
IBM Corporation
ibm
>>lotus_notes>>6.5.3
cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*
IBM Corporation
ibm
>>lotus_notes>>6.5.4
cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*
IBM Corporation
ibm
>>lotus_notes>>7.0
cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/16100cve@mitre.org
Patch
Vendor Advisory
http://secunia.com/advisories/16280cve@mitre.org
Patch
Vendor Advisory
http://secunia.com/secunia_research/2005-30/advisory/cve@mitre.org
Vendor Advisory
http://secunia.com/secunia_research/2005-66/advisory/cve@mitre.org
Vendor Advisory
http://securitytracker.com/id?1015657cve@mitre.org
Patch
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918cve@mitre.org
Patch
http://www.osvdb.org/23066cve@mitre.org
Patch
http://www.securityfocus.com/archive/1/424717/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/16576cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2006/0500cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/24637cve@mitre.org
N/A
http://secunia.com/advisories/16100af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://secunia.com/advisories/16280af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://secunia.com/secunia_research/2005-30/advisory/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/secunia_research/2005-66/advisory/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securitytracker.com/id?1015657af854a3a-2127-422b-91ae-364da2661108
Patch
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.osvdb.org/23066af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securityfocus.com/archive/1/424717/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/16576af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2006/0500af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/24637af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://secunia.com/advisories/16100
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/16280
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/secunia_research/2005-30/advisory/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/secunia_research/2005-66/advisory/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1015657
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.osvdb.org/23066
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.securityfocus.com/archive/1/424717/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/16576
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/0500
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/24637
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/16100
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/advisories/16280
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://secunia.com/secunia_research/2005-30/advisory/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/secunia_research/2005-66/advisory/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1015657
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.osvdb.org/23066
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.securityfocus.com/archive/1/424717/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/16576
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/0500
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/24637
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

348Records found
CVE-2022-43864
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 22.34%
||
7 Day CHG~0.00%
Published-25 Jan, 2023 | 18:07
Updated-31 Mar, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Business Automation Workflow information disclosure

IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.

Action-Not Available
Vendor-IBM Corporation
Product-business_automation_workflowbusiness_monitorBusiness Monitor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-43857
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 0.51%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 20:20
Updated-15 Apr, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Navigator for i information disclosure

IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301.

Action-Not Available
Vendor-IBM Corporation
Product-iNavigator for i
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-43858
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 0.48%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 20:34
Updated-15 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Navigator for i information disclosure

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their files through this interface. IBM X-Force ID: 239303.

Action-Not Available
Vendor-IBM Corporation
Product-iNavigator for i
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-8913
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.64% / 69.57%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-IBM Corporation
Product-kenexa_lms_on_cloudKenexa LMS on Cloud
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-8933
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.64% / 69.57%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-IBM Corporation
Product-kenexa_lmsKenexa LMS on Cloud
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-40607
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 15.06%
||
7 Day CHG-0.00%
Published-19 Dec, 2022 | 19:36
Updated-17 Apr, 2025 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Scale directory traversal

IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_scalelinux_kernelSpectrum Scale
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-40608
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.31% / 53.32%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 17:25
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-22328
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.19%
||
7 Day CHG+0.02%
Published-06 Apr, 2024 | 11:40
Updated-14 Jan, 2025 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Maximo Application Suite information disclosure

IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 279950.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_application_suiteMaximo Application Suite
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-5941
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.47% / 63.81%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-IBM Corporation
Product-kenexa_lmsKenexa LMS on Cloud
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-6126
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.64% / 69.57%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-IBM Corporation
Product-kenexa_lms_on_cloudKenexa LMS on Cloud
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-6023
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.70%
||
7 Day CHG~0.00%
Published-06 Oct, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_secure_proxyn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-4988
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.6||HIGH
EPSS-0.49% / 64.69%
||
7 Day CHG~0.00%
Published-18 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tealeaf_customer_experiencen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-2007
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.17% / 38.89%
||
7 Day CHG~0.00%
Published-03 Jan, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL.

Action-Not Available
Vendor-n/aIBM Corporation
Product-qradar_security_information_and_event_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-5956
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.02% / 3.90%
||
7 Day CHG~0.00%
Published-14 Nov, 2007 | 11:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable.

Action-Not Available
Vendor-n/aIBM Corporation
Product-informix_dynamic_servern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-1884
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.81% / 73.25%
||
7 Day CHG~0.00%
Published-28 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL.

Action-Not Available
Vendor-n/aIBM Corporation
Product-business_process_managerwebspheren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-50955
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-2.4||LOW
EPSS-0.22% / 44.49%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 14:32
Updated-10 Dec, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-36
Absolute Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-0107
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-7.17% / 91.20%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 06:12
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-change_and_configuration_management_databasemaximo_for_utilitiesmaximo_for_transportationtivoli_asset_management_for_ittivoli_service_request_managermaximo_for_oil_and_gasmaximo_for_life_sciencesmaximo_for_governmentmaximo_for_nuclear_powermaximo_asset_management_essentialsmaximo_asset_managementn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-4271
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.05% / 14.57%
||
7 Day CHG~0.00%
Published-18 Aug, 2007 | 21:00
Updated-07 Aug, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink following.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2_universal_databasen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-47702
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 16.92%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 01:11
Updated-02 Aug, 2024 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium Key Lifecycle Manager directory traversal

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixsecurity_guardium_key_lifecycle_managerwindowslinux_kernelSecurity Guardium Key Lifecycle Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-0171
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.93% / 75.14%
||
7 Day CHG~0.00%
Published-25 May, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_siteprotector_systemn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-5970
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 59.52%
||
7 Day CHG~0.00%
Published-26 Sep, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_privileged_identity_manager_virtual_appliancen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-4834
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-1.69% / 81.46%
||
7 Day CHG~0.00%
Published-30 Nov, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_portaln/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-6038
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 45.05%
||
7 Day CHG~0.00%
Published-26 Sep, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-6194
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.58% / 68.02%
||
7 Day CHG~0.00%
Published-17 Feb, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.

Action-Not Available
Vendor-n/aIBM Corporation
Product-maximo_for_life_sciencesmaximo_for_governmentsmartcloud_control_deskmaximo_asset_management_essentialsmaximo_for_nuclear_powerchange_and_configuration_management_databasetivoli_service_request_managermaximo_for_transportationmaximo_for_oil_and_gasmaximo_asset_managementtivoli_asset_management_for_itmaximo_for_utilitiesn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-6158
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-9||HIGH
EPSS-2.36% / 84.30%
||
7 Day CHG~0.00%
Published-10 Jan, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.

Action-Not Available
Vendor-n/aIBM Corporation
Product-workload_deployerpureapplication_systemn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-6182
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.39% / 59.20%
||
7 Day CHG~0.00%
Published-17 Dec, 2014 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

Action-Not Available
Vendor-n/aIBM Corporation
Product-business_process_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-6149
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.66% / 70.14%
||
7 Day CHG~0.00%
Published-29 Oct, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_application_dependency_discovery_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-6154
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.37%
||
7 Day CHG~0.00%
Published-13 Feb, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL.

Action-Not Available
Vendor-n/aIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowslinux_kerneloptim_performance_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-6222
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.40% / 60.09%
||
7 Day CHG~0.00%
Published-07 Jun, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

Action-Not Available
Vendor-n/aIBM Corporation
Product-marketing_operationsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-2872
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.59%
||
7 Day CHG~0.00%
Published-02 Jul, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_qradar_incident_forensicsqradar_security_information_and_event_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-46177
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.05%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 14:11
Updated-02 Aug, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ Appliance information disclosure

IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system. IBM X-Force ID: 269536.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-6155
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.32% / 54.02%
||
7 Day CHG~0.00%
Published-24 Dec, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_service_registry_and_repositoryn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-3993
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-18.64% / 95.02%
||
7 Day CHG~0.00%
Published-07 Jul, 2014 | 10:00
Updated-20 Aug, 2025 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-15||The impacted product is end-of-life and should be disconnected if still in use.

IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_biginsightsn/aInfoSphere BigInsights
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-20354
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.29% / 51.75%
||
7 Day CHG~0.00%
Published-18 Feb, 2021 | 15:10
Updated-16 Sep, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-4460
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.32%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 18:25
Updated-17 Sep, 2024 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-4423
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 66.38%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 15:20
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_file_gatewaySterling File Gateway
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-20517
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.4||MEDIUM
EPSS-1.10% / 77.10%
||
7 Day CHG~0.00%
Published-07 Jun, 2021 | 14:05
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to read and delete arbitrary files on the system. IBM X-Force ID: 198435.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_server_ndWebSphere Application Server ND
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-0918
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.19% / 41.12%
||
7 Day CHG~0.00%
Published-16 May, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_portaln/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-2981
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.09% / 25.72%
||
7 Day CHG~0.00%
Published-17 Jun, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to read arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-data_studion/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-6304
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.61% / 68.84%
||
7 Day CHG~0.00%
Published-06 Mar, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file.

Action-Not Available
Vendor-n/aIBM Corporation
Product-algo_onealgo_risk_applicationn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-6303
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-05 Mar, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to read arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-algo_onen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-2979
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.20% / 42.51%
||
7 Day CHG~0.00%
Published-22 Aug, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM Optim Performance Manager 4.1.1 and IBM InfoSphere Optim Performance Manager 5.x before 5.2 allows remote authenticated users to read arbitrary files via a crafted URL.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_optim_performance_manageroptim_performance_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-2978
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-2.1||LOW
EPSS-0.26% / 48.79%
||
7 Day CHG~0.00%
Published-27 Aug, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2988.

Action-Not Available
Vendor-n/aIBM Corporation
Product-cognos_business_intelligencen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-3042
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-2.1||LOW
EPSS-0.02% / 4.39%
||
7 Day CHG~0.00%
Published-14 Dec, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_software_architect_design_managerrhapsody_design_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-2988
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-2.6||LOW
EPSS-0.36% / 57.65%
||
7 Day CHG~0.00%
Published-27 Aug, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2978.

Action-Not Available
Vendor-n/aIBM Corporation
Product-cognos_business_intelligencen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-4054
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.65%
||
7 Day CHG~0.00%
Published-02 Mar, 2014 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_mqn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-2984
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 63.55%
||
7 Day CHG~0.00%
Published-03 Jul, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-sterling_file_gatewaysterling_b2b_integratorn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-3043
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-2.1||LOW
EPSS-0.02% / 4.39%
||
7 Day CHG~0.00%
Published-14 Dec, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_software_architect_design_managerrhapsody_design_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-3004
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-3.5||LOW
EPSS-0.14% / 34.94%
||
7 Day CHG~0.00%
Published-01 Jul, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_application_dependency_discovery_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-3001
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.63%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 18:00
Updated-06 Aug, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to read arbitrary files via unspecified vectors. IBM X-Force ID: 84127.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_data_replication_dashboardn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found