Directory Traversal Vulnerability in IBM Proventia Mail Security System
CVE-2010-0154

Currently unrated

Key Information:

Vendor: IBM
Status: Proventia Network Mail Security System Virtual Appliance; Proventia Network Mail Security System Virtual Appliance Firmware
Vendor: CVE Published:; 14 September 2010

Summary

A directory traversal vulnerability exists in the Local Management Interface (LMI) of the IBM Proventia Network Mail Security System. This issue allows remote authenticated users to manipulate file paths and access sensitive files on the server by including directory traversal sequences in the request parameters. The vulnerability primarily stems from improper validation of user inputs in the sla/index.php file, which makes it possible to exploit the system and gain unauthorized access to data.

References

http://www.ventuneac.net/security-advisories/MVSA-10-008

x_refsource_MISC

http://www.securityfocus.com/archive/1/513637/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Sep 14, 2010
Vulnerability Reserved
Jan 4, 2010