CVE-2013-6304

CWE-22 — Path Traversal3 documents3 sources

Severity

4.0MEDIUM

EPSS

0.4%

top 36.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Algo ONE IBM Algo Risk Application

Timeline

PublishedMar 6

Latest updateMay 17

Description

Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDibm/algo_risk_application25 versions+24

▶NVDibm/algo_one4.9.1

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-24jg-h6v2-qfrg: Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2↗2022-05-17

▶

CVEList

CVE-2013-6304: Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2↗2014-03-06

▶