Directory Traversal Vulnerability in IBM Lotus Protector for Mail Security
CVE-2012-2202

Currently unrated

Key Information:

Vendor

IBM
Status
Lotus Protector For Mail Security
Vendor
CVE Published:
27 July 2012

What is CVE-2012-2202?

A directory traversal vulnerability exists in the javatester_init.php file of IBM Lotus Protector for Mail Security and IBM ISS Proventia Network Mail Security System. This flaw allows remote authenticated administrators to exploit the template parameter by utilizing sequence patterns to navigate up the directory structure, enabling them to read arbitrary files on the server. Proper input validation sanitization is crucial to mitigate the risks associated with this vulnerability.

References

http://www.kb.cert.org/vuls/id/659791
third-party-advisoryx_refsource_CERT-VN
http://secunia.com/advisories/49897
third-party-advisoryx_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21605630
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.