Lucene search

[email protected]CVE-2005-1244

HistoryApr 24, 2005 - 4:00 a.m.

CVE-2005-1244

2005-04-2404:00:00

[email protected]

web.nvd.nist.gov

netiq

third-party tool

directory traversal

vulnerability

remote attackers

get request

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON

Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via “…” sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable.

Affected configurations

NVD

Node

netiqpssecureMatch7.5

CPENameOperatorVersion
netiq:pssecurenetiq pssecureeq7.5

CPE	Name	Operator	Version
netiq:pssecure	netiq pssecure	eq	7.5

References

securitytracker.com/id?1013810

www.osvdb.org/15791

www.securityfocus.com/archive/1/396628

www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/20260

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON

Related for CVE-2005-1244

nvd1 cvelist1