CVE-2020-5001Path Traversal in IBM Financial Transaction Manager

CWE-22Path Traversal3 documents3 sources
Severity
7.5HIGHNVD
CNA4.3
EPSS
0.4%
top 40.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Financial Transaction Manager
Timeline
PublishedMar 1
Latest updateMar 2

Description

IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/financial_transaction_manager3.2.03.2.7

🔴Vulnerability Details

2
GHSA
GHSA-8gf6-h6wm-2vf6: IBM Financial Transaction Manager 32023-03-02
CVEList
IBM Financial Transaction Manager path traversal2023-03-01
CVE-2020-5001 — Path Traversal in IBM | cvebase