Directory Traversal Vulnerability in IBM Security Privileged Identity Manager Virtual Appliance
CVE-2018-1618

7.7HIGH

Key Information:

Vendor: IBM
Status: Security Privileged Identity Manager
Vendor: CVE Published:; 2 April 2019

Summary

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is susceptible to a directory traversal flaw that permits remote attackers to craft specific URL requests. By utilizing 'dot dot' sequences (../), attackers can exploit this vulnerability to access and view arbitrary files within the system. This exposes sensitive data and can lead to further compromises. For detailed information, refer to IBM's documentation and X-Force vulnerability reports.

Affected Version(s)

Security Privileged Identity Manager 2.1.1

References

http://www.ibm.com/support/docview.wss?uid=ibm10879093

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/144343

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 2, 2019
Vulnerability Reserved
Dec 13, 2017