CVE-2013-6720

Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
ibmtealeaf_cx
7.1
ibmtealeaf_cx
7.2
ibmtealeaf_cx
8.0
ibmtealeaf_cx
8.1
ibmtealeaf_cx
8.2
ibmtealeaf_cx
8.3
ibmtealeaf_cx
8.4
ibmtealeaf_cx
8.5
ibmtealeaf_cx
8.6
ibmtealeaf_cx
8.7
ibmtealeaf_cx
8.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.exploit-db.com/exploits/32546
https://exchange.xforce.ibmcloud.com/vulnerabilities/89229
https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7a
http://www.exploit-db.com/exploits/32546
https://exchange.xforce.ibmcloud.com/vulnerabilities/89229
https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7a