Directory Traversal Vulnerability in IBM EntireX 11.1
CVE-2024-54169

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Entirex
Vendor: CVE Published:; 27 February 2025

Summary

IBM EntireX 11.1 contains a vulnerability that allows an authenticated attacker to execute directory traversal attacks. By manipulating URL requests with sequences like '/../', the attacker can gain unauthorized access to arbitrary files within the system. This could lead to exposure of sensitive data and compromise of system integrity.

Affected Version(s)

EntireX 11.1

References

https://www.ibm.com/support/pages/node/7184194

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2025
Vulnerability Reserved
Nov 30, 2024