Zip Slip Vulnerability in IBM Case Manager Software
CVE-2018-1884

4.8 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 12 November 2018

Summary

IBM Case Manager software versions 5.2.0.0 to 5.3.3.0 are susceptible to a Zip Slip vulnerability that could allow remote attackers to execute arbitrary code via crafted zip files. Exploitation relies on directory traversal, posing significant security risks for affected installations. Users are advised to apply the latest security patches to mitigate this vulnerability.

Affected Version(s)

Case Manager 5.2.0.0

Case Manager 5.2.0.4

Case Manager 5.2.1.0

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
