Zip Slip Vulnerability in IBM Case Manager Software
CVE-2018-1884

4.8MEDIUM

Key Information:

Vendor: IBM
Status: Case Manager
Vendor: CVE Published:; 12 November 2018

🔔 Create IBM Vulnerability Alert

What is CVE-2018-1884?

IBM Case Manager software versions 5.2.0.0 to 5.3.3.0 are susceptible to a zip slip vulnerability, allowing remote attackers to potentially execute arbitrary code via crafted zip files. This exploitation leverages directory traversal techniques, posing significant security risks for affected installations. Users are advised to apply the latest security patches to mitigate this vulnerability.

Affected Version(s)

Case Manager 5.2.0.0

Case Manager 5.2.0.4

Case Manager 5.2.1.0

References

http://www.ibm.com/support/docview.wss?uid=ibm10737897

x_refsource_CONFIRM

http://www.securityfocus.com/bid/105946

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/151970

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2018
Vulnerability Reserved
Dec 13, 2017

.

CVE-2018-1884 : Zip Slip Vulnerability in IBM Case Manager Software