CVE-2024-54169

CWE-22 (Path Traversal) | 3 documents | 3 sources
Severity: 6.5 MEDIUM
EPSS: 0.2% (top 52.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 27

Description

IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: ibm/entirex 11.1
NVD: ibm/entirex 11.1

🔴 Vulnerability Details (2)

CVEList: IBM EntireX path traversal (2025-02-27)
GHSA: GHSA-hjq6-x5xh-mcp3: IBM EntireX 11 (2025-02-27)