CVE-2017-1308 — Files or Directories Accessible to External Parties in IBM Daeja Viewone

CWE-552 — Files or Directories Accessible to External Parties5 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 47.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Daeja Viewone

Timeline

PublishedJul 13

Latest updateMay 13

Description

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/daeja_viewone4.1.5.1, 5.0+1

▶NVDibm/daeja_viewone4.1.5, 4.1.5.1, 5.0+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-cwx6-6644-ww5x: IBM Daeja ViewONE Professional, Standard & Virtual 4↗2022-05-13

▶

CVEList

CVE-2017-1308: IBM Daeja ViewONE Professional, Standard & Virtual 4↗2017-07-13

▶