Directory Traversal Vulnerability in IBM Cloud Pak System
CVE-2023-38012
5.3MEDIUM
What is CVE-2023-38012?
A vulnerability exists in IBM Cloud Pak System versions 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 that allows remote attackers to exploit directory traversal. By sending a specially crafted URL request consisting of 'dot dot' sequences (e.g., /../), an attacker may gain unauthorized access to view arbitrary files on the system, potentially leading to the exposure of sensitive information and a compromise of system integrity.
Affected Version(s)
Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0