CVE-2018-1618

CWE-22 — Path Traversal4 documents4 sources

Severity

7.5HIGH

EPSS

0.5%

top 34.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Privileged Identity Manager

Timeline

PublishedApr 2

Latest updateMay 13

Description

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144343.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 3.1 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5ibm/security_privileged_identity_manager2.1.1

▶NVDibm/security_privileged_identity_manager2.1.1

🔴Vulnerability Details

GHSA

GHSA-65jp-fmvg-vc8j: IBM Security Privileged Identity Manager Virtual Appliance 2↗2022-05-13

▶

CVEList

CVE-2018-1618: IBM Security Privileged Identity Manager Virtual Appliance 2↗2019-04-02

▶

💬Community

Bugzilla

CVE-2018-1140 libldb: LDAP server crash via distinguishedName↗2018-05-21

▶