Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.5
CVE Id: CVE-2013-6720
Last Modified: 01 Apr 2014 02:26:59
Published: 06 Mar 2014 06:55:05
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2013-6720

Summary

Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file.

Vulnerable Systems

Application

  • IBM Tealeaf CX 7.1
  • IBM Tealeaf CX 7.2
  • IBM Tealeaf CX 8.0
  • IBM Tealeaf CX 8.1
  • IBM Tealeaf CX 8.2
  • IBM Tealeaf CX 8.3
  • IBM Tealeaf CX 8.4
  • IBM Tealeaf CX 8.5
  • IBM Tealeaf CX 8.6
  • IBM Tealeaf CX 8.7
  • IBM Tealeaf CX 8.8


References

CONFIRM - https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7a

XF - ibm-tealeaf-cve20136720-lfi(89229)

EXPLOIT-DB - 32546


Last Updated: 27 May 2016 11:04:34