Directory Traversal Vulnerability in IBM Tealeaf CX Web Console
CVE-2013-6720

Currently unrated

Key Information:

Vendor: IBM
Status: Tealeaf Cx
Vendor: CVE Published:; 6 March 2014

Summary

A directory traversal vulnerability exists in the download.php script of the Passive Capture Application (PCA) web console in IBM Tealeaf CX. This flaw permits remote authenticated users to bypass access restrictions by manipulating the log parameter with directory traversal sequences ('..'). This exploit can potentially expose sensitive files on the server, as demonstrated through crafted requests targeting customer support files.

References

http://www.exploit-db.com/exploits/32546

exploitx_refsource_EXPLOIT-DB

https://tealeaf.support.ibmcloud.com/FileManagement/Downl...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/89229

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Mar 6, 2014
Vulnerability Reserved
Nov 8, 2013