Directory Traversal Vulnerability in IBM Tivoli Access Manager for e-business
CVE-2010-4622

Currently unrated

Key Information:

Vendor
IBM
CVE Published:
30 December 2010

Summary

A directory traversal vulnerability exists in the WebSEAL component of IBM Tivoli Access Manager for e-business 6.1.1 prior to version 6.1.1-TIV-AWS-FP0001 on AIX systems. The flaw allows remote attackers to read arbitrary files on the server by sending a URI that contains the '%uff0e%uff0e' sequence (an encoded dot dot). Such exploitation could lead to unauthorized access to sensitive information and critical system files, potentially compromising the integrity and confidentiality of the affected system.
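A detection-side illustration of the summary above, added here and not taken from IBM or the CVE record: it canonicalizes request paths so that the '%uff0e%uff0e' form resolves to a plain dot-dot segment before matching. The function names, the NFKC folding step and the sample request lines are assumptions constructed for this example.

```python
import re
import unicodedata
from urllib.parse import unquote

# Non-standard %uXXXX escapes, the encoding form named in the summary.
_PCT_U = re.compile(r"%u([0-9a-fA-F]{4})")


def canonicalize(path: str) -> str:
    """Decode %uXXXX and %XX escapes, then fold compatibility characters
    such as U+FF0E FULLWIDTH FULL STOP to their ASCII equivalents."""
    prev = None
    while prev != path:  # repeat until stable so nested encodings are decoded too
        prev = path
        path = _PCT_U.sub(lambda m: chr(int(m.group(1), 16)), path)
        path = unquote(path, errors="replace")
    # NFKC maps U+FF0E to "." and U+FF0F to "/"; treat backslash as a separator.
    return unicodedata.normalize("NFKC", path).replace("\\", "/")


def is_traversal(path: str) -> bool:
    """True when any whole path segment canonicalizes to '..'."""
    return ".." in canonicalize(path).split("/")


def scan(request_lines):
    """Return the request lines whose path component contains a dot-dot segment."""
    hits = []
    for line in request_lines:
        parts = line.split()
        if len(parts) >= 2 and is_traversal(parts[1].split("?", 1)[0]):
            hits.append(line)
    return hits


# Constructed sample request lines (not captured traffic).
SAMPLE_REQUESTS = [
    "GET /docs/index.html HTTP/1.1",
    "GET /docs/%uff0e%uff0e/%uff0e%uff0e/placeholder.txt HTTP/1.1",
    "GET /files/report..v2.pdf HTTP/1.1",  # dots inside a filename, not a segment
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS):
        print("suspicious:", hit)
```

Matching on the canonical form rather than on the literal string '..' is what lets a log filter or request check see the encoded variant.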
