CVE-2011-4435 : The web-server component in the Consolidation and Analysis Engine (CAE) Server i

The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests.

Published 2011-11-11 21:55:01

Updated 2011-12-13 04:09:29

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2011-4435

IBM » Db2 Tools For Z/os » Version: 2.3.0
cpe:2.3:a:ibm:db2_tools_for_z\/os:2.3.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-4435

EPSS FAQ

0.23%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 44 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-4435

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2011-4435

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-4435

http://www.ibm.com/support/docview.wss?uid=swg1PM41190

IBM PM41190: THERE IS A DIRECTORY BROWSING VULNERABILITY IN CAE SERVER.
http://www.securitytracker.com/id?1026278

IBM DB2 Tools for z/OS Directory Traversal Flaw Lets Remote Users Browse Directories - SecurityTracker

Jump to

Vulnerability Details : CVE-2011-4435

Products affected by CVE-2011-4435

Exploit prediction scoring system (EPSS) score for CVE-2011-4435

CVSS scores for CVE-2011-4435

CWE ids for CVE-2011-4435

References for CVE-2011-4435