CVE-2017-1279

CWE-22 — Path Traversal3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.6%

top 29.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tealeaf Customer Experience

Timeline

PublishedJan 26

Latest updateMay 14

Description

IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/tealeaf_customer_experience8.7, 8.8, 9.0.2+2

▶NVDibm/tealeaf_customer_experience8.7, 8.8, 9.0.2+2

Patches

Patch: exchange.xforce.ibmcloud.com ↗Patch: exchange.xforce.ibmcloud.com ↗

🔴Vulnerability Details

GHSA

GHSA-379v-m5cr-x8xw: IBM Tealeaf Customer Experience 8↗2022-05-14

▶

CVEList

CVE-2017-1279: IBM Tealeaf Customer Experience 8↗2018-01-26

▶