CVE-2013-6720
published 2014-03-06

CVE-2013-6720: Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2…

Priority: P274 medium
CVSS 2.0: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 28.37% (97.9th percentile)
Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file.

Affected (11 ranges)

Vendor  Product     Version range  Fixed in
ibm     tealeaf_cx  (11 ranges for this vendor/product; version range and fixed-in values not present on this page)

Detection & IOCs (extracted from sources)

path: /download.php
path: /delivery.php
url: /download.php?log=../../etc/passwd
command: 8.8.8.8 -c 1 ; {cmd} ; ping 8.8.8.8 -c 1
other: perform_action=testconn
port: 8080
port: 1966
  • Detect OS command injection attempts against /delivery.php by monitoring POST requests where 'testconn_host' contains shell metacharacters (semicolons, pipes) injected alongside a ping command pattern
  • Flag unauthenticated POST requests to /delivery.php with perform_action=testconn — the exploit notes this endpoint requires no authentication
  • The CSRF token field is ignored by the application; any POST to /delivery.php with perform_action=testconn should be treated as suspicious regardless of the csrf field value
  • The exploit targets the default port 8080 for the IBM Tealeaf CX PCA web console; detections should account for non-default port configurations

CVSS provenance

nvd: v2.0, 5.5 MEDIUM, AV:N/AC:L/Au:S/C:P/I:P/A:N
vulncheck: 5.5 MEDIUM