Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-0918

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-16 May, 2014 | 10:00
Updated At-06 Aug, 2024 | 09:34
Rejected At-
Credits

Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:16 May, 2014 | 10:00
Updated At:06 Aug, 2024 | 09:34
Rejected At:
▼CVE Numbering Authority (CNA)

Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125
vendor-advisory
x_refsource_AIXAPAR
http://www.securityfocus.com/bid/67340
vdb-entry
x_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg21670753
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/91980
vdb-entry
x_refsource_XF
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www.securityfocus.com/bid/67340
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21670753
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91980
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://www.securityfocus.com/bid/67340
vdb-entry
x_refsource_BID
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21670753
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/91980
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www.securityfocus.com/bid/67340
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21670753
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91980
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:16 May, 2014 | 11:12
Updated At:12 Apr, 2025 | 10:46

Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.1HIGH
AV:N/AC:M/Au:N/C:C/I:N/A:N
Type: Primary
Version: 2.0
Base score: 7.1
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:N/A:N
CPE Matches
IBM Corporation
ibm
>>websphere_portal>>6.1.0.0
cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>6.1.0.1
cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>6.1.0.2
cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>6.1.0.3
cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>6.1.0.4
cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>6.1.0.5
cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>6.1.0.6
cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>6.1.5.0
cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>6.1.5.1
cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>6.1.5.2
cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>6.1.5.3
cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.0
cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.0
cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.1
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.1
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.1
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.1
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.1
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.1
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.1
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.1
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.1
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.1
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.1
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>8.0.0.0
cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>8.0.0.0
cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>8.0.0.0
cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>8.0.0.0
cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>8.0.0.0
cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>8.0.0.0
cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>8.0.0.1
cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>websphere_portal>>8.0.0.1
cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125psirt@us.ibm.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21670753psirt@us.ibm.com
Vendor Advisory
http://www.securityfocus.com/bid/67340psirt@us.ibm.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/91980psirt@us.ibm.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21670753af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/67340af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/91980af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21670753
Source: psirt@us.ibm.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/67340
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91980
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PI14125
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21670753
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/67340
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91980
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

142Records found
CVE-2023-35016
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.66%
||
7 Day CHG~0.00%
Published-31 Jul, 2023 | 00:29
Updated-11 Oct, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Governance path traversal

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_governanceSecurity Verify Governance, Identity Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-35020
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 20.32%
||
7 Day CHG+0.02%
Published-19 Jan, 2024 | 01:05
Updated-21 Oct, 2024 | 11:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Control Center directory traversal

IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernellinux_on_ibm_zwindowssterling_control_centeraixSterling Control Centersterling_control_center
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-45074
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.41%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 16:02
Updated-06 Sep, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM webMethods Integration directory traversal

IBM webMethods Integration 10.15 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-IBM Corporation
Product-webmethods_integrationwebMethods Integration
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-55913
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.03%
||
7 Day CHG~0.00%
Published-02 May, 2025 | 00:38
Updated-28 Aug, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Concert Software path traversal

IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-concertlinux_kernelConcert Software
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-56477
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.88%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 14:49
Updated-18 Aug, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Power Hardware Management Console directory traversal

IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-IBM Corporation
Product-power_hardware_management_consolePower Hardware Management Console
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-54169
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.45%
||
7 Day CHG~0.00%
Published-27 Feb, 2025 | 14:54
Updated-07 Jul, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM EntireX path traversal

IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-entirexwindowslinux_kernelEntireX
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-45652
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.44%
||
7 Day CHG+0.01%
Published-19 Jan, 2025 | 02:42
Updated-18 Aug, 2025 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Maximo Asset Management directory traversal

IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_asset_managementMaximo Asset Management
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-22349
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.75%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 17:10
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_external_authentication_serverSterling External Authentication Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-2006
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.22% / 44.29%
||
7 Day CHG~0.00%
Published-21 Feb, 2019 | 17:00
Updated-16 Sep, 2024 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to upload arbitrary files to the system. IBM X-Force ID: 155008.

Action-Not Available
Vendor-IBM Corporation
Product-robotic_process_automation_with_automation_anywhereRobotic Process Automation with Automation Anywhere
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-1847
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.31% / 53.64%
||
7 Day CHG~0.00%
Published-18 Sep, 2019 | 15:10
Updated-16 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0.0 through 2.0.0.5, v2.1.0.0 through 2.1.0.4, v2.1.1.0 through 2.1.1.4, and v3.0.0.0 through 3.0.0.8 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 150946.

Action-Not Available
Vendor-IBM Corporation
Product-financial_transaction_manager_for_multiplatformFinancial Transaction Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-1797
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.61% / 68.69%
||
7 Day CHG~0.00%
Published-16 Nov, 2018 | 16:00
Updated-17 Sep, 2024 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences (../), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as "Zip-Slip". IBM X-Force ID: 149427.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-1884
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.8||MEDIUM
EPSS-1.58% / 80.83%
||
7 Day CHG-0.03%
Published-12 Nov, 2018 | 16:00
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip slip" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970.

Action-Not Available
Vendor-IBM Corporation
Product-case_managerCase Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-0823
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.52%
||
7 Day CHG~0.00%
Published-28 Feb, 2025 | 02:31
Updated-02 Jul, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ path traversal

IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_analyticsCognos Analytics
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-1770
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 65.07%
||
7 Day CHG~0.00%
Published-12 Oct, 2018 | 12:00
Updated-16 Sep, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148686.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-1744
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.7||HIGH
EPSS-0.36% / 57.25%
||
7 Day CHG~0.00%
Published-15 Oct, 2018 | 13:00
Updated-16 Sep, 2024 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-1649
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.7||HIGH
EPSS-0.34% / 55.98%
||
7 Day CHG~0.00%
Published-05 Oct, 2018 | 13:00
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144655.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_incident_forensicsQRadar Incident Forensics
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-1618
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.7||HIGH
EPSS-0.46% / 63.26%
||
7 Day CHG~0.00%
Published-02 Apr, 2019 | 13:20
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144343.

Action-Not Available
Vendor-IBM Corporation
Product-security_privileged_identity_managerSecurity Privileged Identity Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-1723
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 61.76%
||
7 Day CHG~0.00%
Published-26 Apr, 2018 | 14:00
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_network_insightsqradar_security_information_and_event_managerqradar_incident_forensicsSecurity QRadar SIEM
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-1671
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 75.48%
||
7 Day CHG~0.00%
Published-09 Jan, 2018 | 20:00
Updated-17 Sep, 2024 | 03:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 133638.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-1749
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 66.33%
||
7 Day CHG~0.00%
Published-13 Aug, 2018 | 16:00
Updated-16 Sep, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-1548
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.50% / 64.79%
||
7 Day CHG~0.00%
Published-11 Dec, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_file_gatewaySterling File Gateway
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-1577
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-1.47% / 80.12%
||
7 Day CHG~0.00%
Published-27 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_portalWebSphere Portal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-29695
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.65% / 69.99%
||
7 Day CHG~0.00%
Published-25 May, 2021 | 16:00
Updated-16 Sep, 2024 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Host firmware for LC-class Systems could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request that would allow them to delete arbitrary files on the system. IBM X-Force ID: 200558.

Action-Not Available
Vendor-IBM Corporation
Product-8335-gta8335-gtb8335-gca8335-gtb_firmware8335-gca_firmware8335-gta_firmware8335-GTB8335-GTA8335-GCA
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-52363
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.04%
||
7 Day CHG+0.01%
Published-17 Jan, 2025 | 02:01
Updated-11 Mar, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server directory traversal

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aixinfosphere_information_serverlinux_kernelwindowsInfoSphere Information Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-51453
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 23.06%
||
7 Day CHG~0.00%
Published-28 May, 2025 | 15:22
Updated-15 Aug, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Secure Proxy directory traversal

IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_secure_proxySterling Secure Proxy
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-33164
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.7||HIGH
EPSS-0.04% / 9.51%
||
7 Day CHG~0.00%
Published-08 Sep, 2023 | 19:58
Updated-26 Sep, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Directory Server path traversal

IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579.

Action-Not Available
Vendor-IBM Corporation
Product-security_directory_serverSecurity Directory Integrator
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-33165
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 13.36%
||
7 Day CHG~0.00%
Published-14 Oct, 2023 | 14:16
Updated-17 Sep, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Directory Server information disclosure

IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582.

Action-Not Available
Vendor-IBM Corporation
Product-security_directory_integratorSecurity Directory Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-49780
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 24.03%
||
7 Day CHG+0.01%
Published-20 Feb, 2025 | 03:49
Updated-15 Aug, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM OpenPages path traversal

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages could allow a remote attacker to traverse directories on the system. An attacker with privileges to perform Import Configuration could send a specially crafted http request containing "dot dot" sequences (/../) in the file name parameter used in Import Configuration to write files to arbitrary locations outside of the specified directory and possibly overwrite arbitrary files.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-openpages_with_watsonlinux_kernelwindowsOpenPages with Watson
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-0799
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.41%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 00:24
Updated-12 Aug, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM App Connect Enterprise Arbitrary File Write

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories.

Action-Not Available
Vendor-IBM Corporation
Product-app_connect_enterpriseIBM App Connect Enterprise
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-0830
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4||MEDIUM
EPSS-0.24% / 46.90%
||
7 Day CHG~0.00%
Published-01 Feb, 2014 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname.

Action-Not Available
Vendor-n/aIBM Corporation
Product-financial_transaction_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-41765
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.04%
||
7 Day CHG~0.00%
Published-04 Jan, 2025 | 14:36
Updated-21 Mar, 2025 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Lifecycle Optimization - Publishing directory traversal

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelengineering_lifecycle_optimization_publishingwindowsEngineering Lifecycle Optimization Publishing
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-41784
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.30%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 15:40
Updated-20 Nov, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Secure Proxy directory traversal

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_secure_proxySterling Secure Proxy
CWE ID-CWE-32
Path Traversal: '...' (Triple Dot)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-20511
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.43% / 61.68%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 17:15
Updated-17 Sep, 2024 | 00:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300.

Action-Not Available
Vendor-IBM CorporationDocker, Inc.
Product-security_verify_accessdockerSecurity Verify Access Docker
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-4272
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-5.11% / 89.43%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-16 Sep, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-ForceID: 175898.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadarQradar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-4934
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.67%
||
7 Day CHG~0.00%
Published-02 Feb, 2021 | 14:35
Updated-16 Sep, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 191752.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowscontent_navigatorlinux_kernelContent Navigator
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-4776
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.57% / 67.47%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 13:05
Updated-16 Sep, 2024 | 23:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in URL request to view arbitrary files on the system. IBM X-Force ID: 189154.

Action-Not Available
Vendor-IBM Corporation
Product-curam_social_program_managementCuram SPM
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-4711
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 69.29%
||
7 Day CHG~0.00%
Published-15 Sep, 2020 | 13:50
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-6002
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-2.11% / 83.39%
||
7 Day CHG~0.00%
Published-28 Jan, 2009 | 15:00
Updated-07 Aug, 2024 | 11:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, when register_globals is enabled, allows remote attackers to read arbitrary files via a full pathname in the filelocation parameter.

Action-Not Available
Vendor-web-cpn/a
Product-web-cpn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-16831
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.44% / 62.15%
||
7 Day CHG~0.00%
Published-11 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.

Action-Not Available
Vendor-smartyn/a
Product-smartyn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-4437
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-10.55% / 92.96%
||
7 Day CHG~0.00%
Published-03 Oct, 2008 | 22:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-5755
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.62% / 68.96%
||
7 Day CHG~0.00%
Published-15 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.

Action-Not Available
Vendor-n/aOpen-Xchange AG
Product-open-xchange_appsuiten/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-3072
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.46% / 63.41%
||
7 Day CHG~0.00%
Published-06 Jun, 2007 | 10:00
Updated-07 Aug, 2024 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found