CVE-2018-1744Path Traversal in IBM Security KEY Lifecycle Manager

CWE-22Path Traversal3 documents3 sources
Severity
6.5MEDIUMNVD
CNA7.7
EPSS
0.4%
top 40.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security KEY Lifecycle Manager
Timeline
PublishedOct 15
Latest updateMay 13

Description

IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/security_key_lifecycle_manager2.5.02.5.0.9+3
CVEListV5ibm/security_key_lifecycle_manager4 versions+3

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-9rfc-w422-2568: IBM Security Key Lifecycle Manager 22022-05-13
CVEList
CVE-2018-1744: IBM Security Key Lifecycle Manager 22018-10-15
CVE-2018-1744 — Path Traversal in IBM | cvebase