CVE-2013-6720

EUVD-2013-6522
Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
ibmtealeaf_cx
7.1
ibmtealeaf_cx
7.2
ibmtealeaf_cx
8.0
ibmtealeaf_cx
8.1
ibmtealeaf_cx
8.2
ibmtealeaf_cx
8.3
ibmtealeaf_cx
8.4
ibmtealeaf_cx
8.5
ibmtealeaf_cx
8.6
ibmtealeaf_cx
8.7
ibmtealeaf_cx
8.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.exploit-db.com/exploits/32546
https://exchange.xforce.ibmcloud.com/vulnerabilities/89229
https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7a
http://www.exploit-db.com/exploits/32546
https://exchange.xforce.ibmcloud.com/vulnerabilities/89229
https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7a