Remote Directory Traversal Vulnerability Affects IBM Filenet Content Manager
CVE-2023-38366

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Filenet Content Manager
Vendor: CVE Published:; 1 March 2024

What is CVE-2023-38366?

A directory traversal vulnerability exists in the IBM Filenet Content Manager, specifically affecting version 5.5.8.0, 5.5.10.0, and 5.5.11.0. This issue could be exploited by a remote attacker who sends a specially crafted URL containing 'dot dot' sequences (/../) to traverse directories and access sensitive files on the server. Proper input validation mechanisms should be periodically evaluated to prevent unauthorized file access.

Affected Version(s)

Filenet Content Manager 5.5.8.0, 5.5.10.0, 5.5.11.0

References

https://www.ibm.com/support/pages/node/7039783

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/261115

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2024
Vulnerability Reserved
Jul 16, 2023