CVE-2013-6720

2014-03-0611:55:05

CWE-22

[email protected]

web.nvd.nist.gov

cve-2013-6720

directory traversal

ibm tealeaf cx

security vulnerability

remote authentication

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.6%

JSON

Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a … (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file.

Affected configurations

NVD

Node

ibmtealeaf_cxMatch7.1

ibmtealeaf_cxMatch7.2

ibmtealeaf_cxMatch8.0

ibmtealeaf_cxMatch8.1

ibmtealeaf_cxMatch8.2

ibmtealeaf_cxMatch8.3

ibmtealeaf_cxMatch8.4

ibmtealeaf_cxMatch8.5

ibmtealeaf_cxMatch8.6

ibmtealeaf_cxMatch8.7

ibmtealeaf_cxMatch8.8

CPENameOperatorVersion
ibm:tealeaf_cxibm tealeaf cxeq7.1
ibm:tealeaf_cxibm tealeaf cxeq7.2
ibm:tealeaf_cxibm tealeaf cxeq8.0
ibm:tealeaf_cxibm tealeaf cxeq8.1
ibm:tealeaf_cxibm tealeaf cxeq8.2
ibm:tealeaf_cxibm tealeaf cxeq8.3
ibm:tealeaf_cxibm tealeaf cxeq8.4
ibm:tealeaf_cxibm tealeaf cxeq8.5
ibm:tealeaf_cxibm tealeaf cxeq8.6
ibm:tealeaf_cxibm tealeaf cxeq8.7

CPE	Name	Operator	Version
ibm:tealeaf_cx	ibm tealeaf cx	eq	7.1
ibm:tealeaf_cx	ibm tealeaf cx	eq	7.2
ibm:tealeaf_cx	ibm tealeaf cx	eq	8.0
ibm:tealeaf_cx	ibm tealeaf cx	eq	8.1
ibm:tealeaf_cx	ibm tealeaf cx	eq	8.2
ibm:tealeaf_cx	ibm tealeaf cx	eq	8.3
ibm:tealeaf_cx	ibm tealeaf cx	eq	8.4
ibm:tealeaf_cx	ibm tealeaf cx	eq	8.5
ibm:tealeaf_cx	ibm tealeaf cx	eq	8.6
ibm:tealeaf_cx	ibm tealeaf cx	eq	8.7