Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.
References
Link | Resource |
---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21694035 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/98605 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2015-02-17T01:00:00
Updated: 2017-09-07T15:57:01
Reserved: 2014-09-02T00:00:00
Link: CVE-2014-6194
JSON object: View
NVD Information
Status : Modified
Published: 2015-02-17T01:59:01.317
Modified: 2017-09-08T01:29:12.217
Link: CVE-2014-6194
JSON object: View
Redhat Information
No data.
CWE