CVE-2018-1744
published 2018-10-15CVE-2018-1744: IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a…
medium6.5CVSS 3.0
AVNACLPRLUINSUCHINAN
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | — | — |
| ibm | security_key_lifecycle_manager | 2.5.0 – 2.5.0.9 | — |
| ibm | security_key_lifecycle_manager | 2.6.0 – 2.6.0.4 | — |
| ibm | security_key_lifecycle_manager | 2.7.0 – 2.7.0.3 | — |
| ibm | security_key_lifecycle_manager | 3.0.0 – 3.0.0.1 | — |