CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities (Directory Traversal)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-6038 22 Dir. Trav. 2016-09-26 2016-11-28
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.
2 CVE-2016-6023 22 Dir. Trav. 2016-10-06 2016-11-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted URL.
3 CVE-2016-5970 22 Dir. Trav. 2016-09-26 2016-11-28
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
4 CVE-2016-5946 200 Dir. Trav. +Info 2016-09-26 2016-11-28
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
5 CVE-2016-2933 22 Dir. Trav. 2016-11-30 2016-11-30
6.8
None Remote Low Single system Complete None None
Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request.
6 CVE-2016-2872 22 Dir. Trav. 2016-07-02 2016-07-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL.
7 CVE-2016-0298 200 Dir. Trav. +Info 2016-06-28 2016-06-29
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL.
8 CVE-2015-7820 362 Dir. Trav. 2015-11-11 2015-11-12
7.1
None Remote Medium Not required Complete None None
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.
9 CVE-2015-7817 362 Dir. Trav. 2015-11-11 2015-11-12
7.1
None Remote Medium Not required Complete None None
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443.
10 CVE-2015-4988 22 Dir. Trav. 2016-01-18 2016-01-21
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors.
11 CVE-2015-2007 22 Dir. Trav. 2016-01-02 2016-01-07
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL.
12 CVE-2015-1977 200 Dir. Trav. +Info 2016-07-15 2016-07-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
13 CVE-2015-1884 22 Dir. Trav. 2015-06-28 2016-08-03
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL.
14 CVE-2015-0171 22 Dir. Trav. 2015-05-25 2015-05-26
5.5
None Remote Low Single system None Partial Partial
Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files via unspecified vectors.
15 CVE-2014-6222 22 Dir. Trav. 2015-06-07 2015-06-08
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
16 CVE-2014-6194 22 Dir. Trav. 2015-02-16 2015-02-17
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in an unspecified web form in IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX007, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to read arbitrary files via a .. (dot dot) in a pathname.
17 CVE-2014-6182 22 Dir. Trav. 2014-12-16 2014-12-17
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
18 CVE-2014-6158 22 Exec Code Dir. Trav. 2015-01-09 2015-01-12
9.0
None Remote Low Single system Complete Complete Complete
Multiple directory traversal vulnerabilities in the file-upload feature in IBM PureApplication System 1.0 before 1.0.0.4 iFix 10, 1.1 before 1.1.0.5, and 2.0 before 2.0.0.1 and Workload Deployer 3.1.0.7 before IF5 allow remote authenticated users to execute arbitrary code via a (1) Script Package, (2) Add-On, or (3) Emergency Fixes component.
19 CVE-2014-6155 22 Dir. Trav. 2014-12-24 2014-12-24
4.0
None Remote Low Single system Partial None None
Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors.
20 CVE-2014-6154 22 Dir. Trav. 2015-02-12 2015-04-13
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL.
21 CVE-2014-6149 22 Dir. Trav. 2014-10-29 2015-11-25
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors.
22 CVE-2014-6095 22 Dir. Trav. 2014-11-17 2014-12-30
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors.
23 CVE-2014-0918 22 Dir. Trav. 2014-05-16 2014-05-16
7.1
None Remote Medium Not required Complete None None
Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF27, and 8.0 before 8.0.0.1 CF06 allows remote attackers to read arbitrary files via a crafted URL.
24 CVE-2014-0830 22 Dir. Trav. 2014-02-01 2014-02-03
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname.
25 CVE-2013-6720 22 1 Dir. Trav. Bypass 2014-03-06 2014-04-01
5.5
None Remote Low Single system Partial Partial None
Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file.
26 CVE-2013-6304 22 Dir. Trav. Bypass 2014-03-06 2015-10-23
4.0
None Remote Low Single system Partial None None
Multiple directory traversal vulnerabilities in Algo Risk Application (ARA) 2.4.0.1 through 4.9.1 in IBM Algo One allow remote authenticated users to bypass intended access restrictions via a crafted pathname for a (1) configuration or (2) JAR file.
27 CVE-2013-6303 22 Dir. Trav. 2014-03-05 2014-03-07
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to read arbitrary files via unspecified vectors.
28 CVE-2013-4054 22 Dir. Trav. 2014-03-01 2014-03-03
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI.
29 CVE-2013-3043 22 Dir. Trav. 2013-12-14 2013-12-16
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in the client in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.
30 CVE-2013-3042 22 Dir. Trav. 2013-12-14 2013-12-16
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files.
31 CVE-2013-3004 22 Dir. Trav. 2014-07-01 2014-07-17
3.5
None Remote Medium Single system Partial None None
Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors.
32 CVE-2013-2988 22 Dir. Trav. 2013-08-26 2013-08-27
2.6
None Remote High Not required Partial None None
Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2978.
33 CVE-2013-2984 22 Dir. Trav. 2013-07-03 2013-07-03
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors.
34 CVE-2013-2981 22 Dir. Trav. 2013-06-17 2013-06-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Web Console in IBM Data Studio 3.1.0 and 3.1.1 allows remote attackers to read arbitrary files via unspecified vectors.
35 CVE-2013-2979 22 Dir. Trav. 2013-08-22 2013-08-29
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in IBM Optim Performance Manager 4.1.1 and IBM InfoSphere Optim Performance Manager 5.x before 5.2 allows remote authenticated users to read arbitrary files via a crafted URL.
36 CVE-2013-2978 22 Dir. Trav. 2013-08-26 2013-08-27
2.1
None Remote High Single system Partial None None
Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2988.
37 CVE-2013-0544 22 Dir. Trav. 2013-04-24 2013-04-24
5.5
None Remote Low Single system None Partial Partial
Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors.
38 CVE-2012-4834 22 Dir. Trav. 2012-11-30 2013-04-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.
39 CVE-2012-3324 22 Dir. Trav. 2012-09-25 2012-09-26
9.0
None Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
40 CVE-2012-3305 22 Dir. Trav. 2012-09-25 2013-01-28
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file.
41 CVE-2012-2202 22 Dir. Trav. 2012-07-27 2012-11-06
3.5
None Remote Medium Single system Partial None None
Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter.
42 CVE-2012-2194 22 Dir. Trav. 2012-07-25 2012-07-25
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors.
43 CVE-2012-2181 22 Dir. Trav. 2012-07-03 2012-07-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL.
44 CVE-2012-0186 22 Dir. Trav. 2012-06-22 2012-06-22
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a crafted URL.
45 CVE-2011-1389 22 Exec Code Dir. Trav. 2012-01-19 2012-01-23
10.0
None Remote Low Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135.
46 CVE-2011-1359 22 Dir. Trav. 2011-09-06 2011-09-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
47 CVE-2011-0494 22 Dir. Trav. 2011-01-19 2011-07-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, and 6.1.1 before 6.1.1-TIV-AWS-FP0001 has unspecified impact and attack vectors. NOTE: this might overlap CVE-2010-4622.
48 CVE-2010-4622 22 Dir. Trav. 2010-12-30 2011-01-03
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.
49 CVE-2010-2655 22 1 Dir. Trav. 2010-07-08 2010-07-20
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.
50 CVE-2010-0154 22 Dir. Trav. 2010-09-14 2010-09-14
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l parameter, related to an "Insecure Direct Object Reference vulnerability."
Total number of vulnerabilities : 63   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.