CVE-2013-6720
Published 2014-03-06
CVE-2013-6720: Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2…
Priority: P274 · medium · 5.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Flags: ITW · EXPLOIT · VulnCheck KEV (exploited in the wild)
EPSS: 28.37% (97.9th percentile)
Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file.
Affected
11 ranges (the version bounds and fixed-in values were not captured in this extract; all 11 ranges refer to the same vendor and product)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | tealeaf_cx | — (11 ranges, bounds not rendered) | — |
Detection & IOCs (extracted from sources)
- Detect OS command injection attempts against /delivery.php by monitoring POST requests where 'testconn_host' contains shell metacharacters (semicolons, pipes) injected alongside a ping command pattern.
- Flag unauthenticated POST requests to /delivery.php with perform_action=testconn; the exploit notes this endpoint requires no authentication.
- The CSRF token field is ignored by the application; any POST to /delivery.php with perform_action=testconn should be treated as suspicious regardless of the csrf field value.
- The exploit targets the default port 8080 for the IBM Tealeaf CX PCA web console; detections should account for non-default port configurations.
CVSS provenance
- nvd: CVSS v2.0 5.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:N)
- vulncheck: 5.5 MEDIUM
VulDB
IBM Tealeaf CX up to 8.7 Access Restriction download.php log path traversal (EDB-32546 / XFDB-89229)
vuldb · 2026-05-07 · CVSS 5.5 · MEDIUM
A vulnerability classified as problematic was found in IBM Tealeaf CX up to 8.7. This vulnerability affects unknown code of the file download.php of the component Access Restriction. Such manipulation of the argument log leads to path traversal.
This vulnerability is uniquely identified as CVE-2013-6720. The attack can be launched remotely. Moreover, an exploit is present.
GHSA
GHSA-qwhj-vxq4-c5pv: Directory traversal vulnerability in download
ghsa (unreviewed) · 2022-05-17 · MEDIUM · CWE-22
Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file.
VulnCheck
IBM tealeaf_cx Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck · 2013 · CVSS 5.5 · MEDIUM
Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file.
Affected: IBM tealeaf_cx
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://blog.checkpoint.com/security/december-2021s-most-wanted-malware-trickbot-emotet-and-the-log4j-pl
No detection rules found.
No writeups or analysis indexed.
References
- http://www.exploit-db.com/exploits/32546
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89229
- https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7a