CVE-2013-6720 : Directory traversal vulnerability in download.php in the Passive Capture Applica

Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file.

Published 2014-03-06 11:55:05

Updated 2025-04-12 10:46:41

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: Directory traversal

Products affected by CVE-2013-6720

IBM » Tealeaf Cx » Version: 7.1
cpe:2.3:a:ibm:tealeaf_cx:7.1:*:*:*:*:*:*:*
Matching versions
IBM » Tealeaf Cx » Version: 8.5
cpe:2.3:a:ibm:tealeaf_cx:8.5:*:*:*:*:*:*:*
Matching versions
IBM » Tealeaf Cx » Version: 8.6
cpe:2.3:a:ibm:tealeaf_cx:8.6:*:*:*:*:*:*:*
Matching versions
IBM » Tealeaf Cx » Version: 8.3
cpe:2.3:a:ibm:tealeaf_cx:8.3:*:*:*:*:*:*:*
Matching versions
IBM » Tealeaf Cx » Version: 8.4
cpe:2.3:a:ibm:tealeaf_cx:8.4:*:*:*:*:*:*:*
Matching versions
IBM » Tealeaf Cx » Version: 7.2
cpe:2.3:a:ibm:tealeaf_cx:7.2:*:*:*:*:*:*:*
Matching versions
IBM » Tealeaf Cx » Version: 8.0
cpe:2.3:a:ibm:tealeaf_cx:8.0:*:*:*:*:*:*:*
Matching versions
IBM » Tealeaf Cx » Version: 8.7
cpe:2.3:a:ibm:tealeaf_cx:8.7:*:*:*:*:*:*:*
Matching versions
IBM » Tealeaf Cx » Version: 8.8
cpe:2.3:a:ibm:tealeaf_cx:8.8:*:*:*:*:*:*:*
Matching versions
IBM » Tealeaf Cx » Version: 8.1
cpe:2.3:a:ibm:tealeaf_cx:8.1:*:*:*:*:*:*:*
Matching versions
IBM » Tealeaf Cx » Version: 8.2
cpe:2.3:a:ibm:tealeaf_cx:8.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-6720

EPSS FAQ

3.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-6720

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:N	8.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2013-6720

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-6720

https://exchange.xforce.ibmcloud.com/vulnerabilities/89229

IBM Tealeaf CX Passive Capture Application local file include CVE-2013-6720 Vulnerability Report
http://www.exploit-db.com/exploits/32546

IBM Tealeaf CX 8.8 - Remote OS Command Injection - PHP webapps Exploit

CVEs referencing this url
https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7a

Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2013-6720

Products affected by CVE-2013-6720

Exploit prediction scoring system (EPSS) score for CVE-2013-6720

CVSS scores for CVE-2013-6720

CWE ids for CVE-2013-6720

References for CVE-2013-6720