Zip Slip Vulnerability in IBM Case Manager Software
CVE-2018-1884

4.8MEDIUM

Key Information:

Vendor
IBM
Status
Case Manager
Vendor
CVE Published:
12 November 2018

Summary

IBM Case Manager software versions 5.2.0.0 to 5.3.3.0 are susceptible to a zip slip vulnerability, allowing remote attackers to potentially execute arbitrary code via crafted zip files. This exploitation leverages directory traversal techniques, posing significant security risks for affected installations. Users are advised to apply the latest security patches to mitigate this vulnerability.

Affected Version(s)

Case Manager 5.2.0.0

Case Manager 5.2.0.4

Case Manager 5.2.1.0

References

http://www.ibm.com/support/docview.wss?uid=ibm10737897
x_refsource_CONFIRM
http://www.securityfocus.com/bid/105946
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/151970
vdb-entryx_refsource_XF

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.