IBM Security Bulletin: IBM Security Key Lifecycle Manager is vulnerable to Path Traversal (CVE-2018-1744)
Oct 12, 2018 9:01 am EDT
Categorized: High Severity
Share this post:
IBM Security Key Lifecycle Manager could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
CVE(s): CVE-2018-1744
Affected product(s) and affected version(s):
IBM Security Key Lifecycle Manager v2.5 – 2.5.0.9
IBM Security Key Lifecycle Manager v2.6 – 2.6.0.4
IBM Security Key Lifecycle Manager: v2.7 – 2.7.0.3
IBM Security Key Lifecycle Manager: v3.0- 3.0.0.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10733353
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148423
from IBM Product Security Incident Response Team https://ift.tt/2EgH2Tl