Multiple Directory Traversal vulnerabilities affect IBM b-type SAN Network Advisor (CVE-2016-8204, CVE-2016-8205,CVE-2016-8206, CVE-2016-8207).
CVEID: CVE-2016-8204**
DESCRIPTION:** Brocade Network Advisor could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to FileReceiveServlet containing directory traversal sequences to upload and execute arbitrary files on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120392 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-8206**
DESCRIPTION:** Brocade Network Advisor could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to SoftwareImageUpload containing directory traversal sequences to write to and delete arbitrary files from the system.
CVSS Base Score: 9.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120394 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
CVEID: CVE-2016-8207**
DESCRIPTION:** Brocade Network Advisor could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to CliMonitorReportServlet containing directory traversal sequences to read arbitrary files on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120395 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2016-8205**
DESCRIPTION:** Brocade Network Advisor could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to DashboardFileReceiveServlet containing directory traversal sequences to upload and execute arbitrary files on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120393 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Network Advisor versions released prior to and including 14.0.2
Fixes are in IBM Network Advisor 14.0.3
<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009621>
None
CPE | Name | Operator | Version |
---|---|---|---|
storage area network (san)->ibm network advisor | eq | any | |
storage area network (san)->ibm network advisor | eq | any |