vendor: IBM Tivoli Access Manager for e-business
by:
CVSS: 7.5 (HIGH)
CWE: 22 (Directory Traversal)
Product Name: IBM Tivoli Access Manager for e-business
Affected Version From: 6.1.2001
Affected Version To: 6.1.2001
Patch Exists: NO
Related CWE:
CPE: a:ibm:tivoli_access_manager_for_e-business:6.1.1
Metasploit:
Other Scripts:
Platforms Tested:

IBM Tivoli Access Manager for e-business Directory Traversal Vulnerability

IBM Tivoli Access Manager for e-business is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

Mitigation:

Apply vendor patches or updates to address this vulnerability. Implement input validation to prevent directory traversal attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/45582/info

IBM Tivoli Access Manager for e-business is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

IBM Tivoli Access Manager for e-business 6.1.1 is vulnerable. 

http://www.example.com/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/%uff0e%uff0e/etc/passwd
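
The input validation named under Mitigation, as an added example (not IBM's fix and not code from the original advisory): it canonicalizes a request path, including the non-standard %uXXXX escapes and fullwidth characters seen in the URL above, before checking for parent-directory segments. The function names, the decode-round limit and the sample paths are assumptions constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import unquote

_U_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})")   # non-standard %uXXXX escape
MAX_DECODE_ROUNDS = 3  # assumption: how many layers of nested encoding to unwrap


def canonicalize(raw_path: str) -> str:
    """Decode %uXXXX and %XX escapes, then fold compatibility characters."""
    path = raw_path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = _U_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), path)
        decoded = unquote(decoded, errors="replace")
        if decoded == path:
            break
        path = decoded
    # NFKC maps fullwidth forms (U+FF0E, U+FF0F, U+FF3C) to ".", "/", "\".
    return unicodedata.normalize("NFKC", path).replace("\\", "/")


def is_traversal(raw_path: str) -> bool:
    """True if the canonical form contains a parent-directory segment."""
    return ".." in canonicalize(raw_path).split("/")


def flagged(paths):
    """Return the paths a front end should reject outright, not rewrite."""
    return [p for p in paths if is_traversal(p)]


SAMPLE_PATHS = [  # constructed sample request paths
    "/index.html",
    "/static/app..v2.js",                      # dots inside a name: allowed
    "/%uff0e%uff0e/%uff0e%uff0e/etc/passwd",   # encoding style from this page
    "/a/%252e%252e/b",                         # double percent-encoding
    "/docs/%u30c6%u30b9%u30c8.html",           # benign non-ASCII file name
]

if __name__ == "__main__":
    for p in flagged(SAMPLE_PATHS):
        print("reject:", p, "->", canonicalize(p))
```

The check runs on the canonical form only. A filter that looks for the literal string `../` in the raw request never sees the fullwidth variant.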