top of page
Sentence 36
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144343.
Actual
-
Exploit mechanism: URL request containing "dot dot" sequences
-
Exploit objective: view arbitrary files
-
Attack pathway: remote attacker, specially-crafted URL request
Predicted
-
Exploit mechanism: send a specially-crafted URL request containing "dot dot" sequences (/../)
-
Exploit objective: view arbitrary files on the system
-
Attack pathway: remote attacker
bottom of page