Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM3571679A9384ED774E4C38A3CE0352883E8810BB1A7E62E9D87F6F1306989591
HistoryJun 18, 2018 - 12:28 a.m.

Security Bulletin: Directory Traversal vulnerabilities impact IBM Network Advisor.

2018-06-1800:28:36
www.ibm.com
14

0.953 High

EPSS

Percentile

99.4%

JSON

Summary

Multiple Directory Traversal vulnerabilities affect IBM b-type SAN Network Advisor (CVE-2016-8204, CVE-2016-8205,CVE-2016-8206, CVE-2016-8207).

Vulnerability Details

CVEID: CVE-2016-8204**
DESCRIPTION:** Brocade Network Advisor could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to FileReceiveServlet containing directory traversal sequences to upload and execute arbitrary files on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120392 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-8206**
DESCRIPTION:** Brocade Network Advisor could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to SoftwareImageUpload containing directory traversal sequences to write to and delete arbitrary files from the system.
CVSS Base Score: 9.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120394 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

CVEID: CVE-2016-8207**
DESCRIPTION:** Brocade Network Advisor could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to CliMonitorReportServlet containing directory traversal sequences to read arbitrary files on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120395 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2016-8205**
DESCRIPTION:** Brocade Network Advisor could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to DashboardFileReceiveServlet containing directory traversal sequences to upload and execute arbitrary files on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120393 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Network Advisor versions released prior to and including 14.0.2

Remediation/Fixes

Fixes are in IBM Network Advisor 14.0.3

<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009621&gt;

Workarounds and Mitigations

None

Related

openvas 1
ibm 1
checkpoint_advisories 3
cvelist 4
prion 4
zdi 4
nvd 4
cve 4
openvas
openvas
Brocade Network Advisor Multiple Vulnerabilities
2017-01-16 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Brocade Network Advisor affect IBM PureApplication System.
2018-06-15 07:07:03
checkpoint_advisories
checkpoint_advisories
Brocade Network Advisor Directory Traversal (CVE-2016-8206; CVE-2016-8207)
2017-02-27 00:00:00
Brocade Network Advisor FileReceiveServlet filename Directory Traversal (CVE-2016-8204)
2017-03-15 00:00:00
Brocade Network Advisor DashboardFileReceiveServlet filename Directory Traversal (CVE-2016-8205)
2017-02-27 00:00:00
cvelist
cvelist
CVE-2016-8206
2017-01-14 19:00:00
CVE-2016-8207
2017-01-14 19:00:00
CVE-2016-8205
2017-01-14 19:00:00
prion
prion
Directory traversal
2017-01-14 19:59:00
Directory traversal
2017-01-14 19:59:00
Directory traversal
2017-01-14 19:59:00
zdi
zdi
Brocade Network Advisor DashboardFileReceiveServlet Directory Traversal Remote Code Execution Vulnerability
2017-01-20 00:00:00
Brocade Network Advisor SoftwareImageUpload Directory Traversal Arbitrary File Deletion Vulnerability
2017-01-20 00:00:00
Brocade Network Advisor FileReceiveServlet Directory Traversal Remote Code Execution Vulnerability
2017-01-20 00:00:00
nvd
nvd
CVE-2016-8207
2017-01-14 19:59:00
CVE-2016-8205
2017-01-14 19:59:00
CVE-2016-8206
2017-01-14 19:59:00
cve
cve
CVE-2016-8204
2017-01-14 19:59:00
CVE-2016-8205
2017-01-14 19:59:00
CVE-2016-8207
2017-01-14 19:59:00

0.953 High

EPSS

Percentile

99.4%

JSON
Related for 3571679A9384ED774E4C38A3CE0352883E8810BB1A7E62E9D87F6F1306989591
openvas1ibm1checkpoint_advisories3cvelist4prion4zdi4nvd4cve4