Path Traversal in Ibm Aix

CVE-2010-4622

Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.004 (59.2th percentile) — read the EPSS interpretation.

Affected products

Ibm Aix
Ibm Tivoli_access_manager_for_e-business — versions 6.1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

ADV-2010-3329 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
45582 (Exploit, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM)
1024927 (vdb-entry, x_refsource_SECTRACK)
70158 (x_refsource_OSVDB, vdb-entry)
42727 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
tivoli-ebusiness-unspecified-dir-traversal(64306) (vdb-entry, x_refsource_XF)