Directory Traversal Vulnerability in IBM InfoSphere Information Server
CVE-2024-52363

6.5MEDIUM

Key Information:

Vendor
IBM
Status
Infosphere Information Server
Vendor
CVE Published:
17 January 2025

Summary

IBM InfoSphere Information Server 11.7 is vulnerable to a directory traversal attack. An attacker can exploit this vulnerability by sending a specially crafted URL that includes 'dot dot' sequences, such as '/../', allowing them to access unauthorized files on the server. This could lead to the exposure of sensitive information, potentially compromising the integrity and confidentiality of the system.

Affected Version(s)

InfoSphere Information Server 11.7

References

https://www.ibm.com/support/pages/node/7176515

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.