CVE-2024-41765
published 2025-01-04CVE-2024-41765: IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | engineering_lifecycle_optimization_publishing | — | — |
| ibm | engineering_lifecycle_optimization_publishing | — | — |
| ibm | engineering_lifecycle_optimization_publishing | — | — |