History: Feb 04, 2021 - 5:30 p.m.

Security Bulletin: Content Collector for Email is affected by an embedded WebSphere Application Server Admin Console

2021-02-04 17:30:59
www.ibm.com
10

EPSS: 0.002 (Low), Percentile: 51.9%

Summary

The embedded WebSphere Application Server traditional Admin Console is affected by a directory traversal vulnerability (CVE-2020-4782).

Vulnerability Details

**CVEID:** CVE-2020-4782
**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189213 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
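
A defender-side check for the request pattern described above, added here as an example (it is not part of IBM's bulletin): it scans access-log lines for URLs that contain "dot dot" segments after percent-decoding. The common log format, the `/console/...` paths and the function names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

def normalize(target, max_rounds=3):
    """Percent-decode repeatedly (catches double encoding) and unify slashes."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")

def has_dot_dot(target):
    """True if any path or query segment is exactly '..' after normalization."""
    segments = re.split(r"[/?&=;]", normalize(target))
    return ".." in segments

def suspicious_requests(log_lines):
    """Return (line_number, raw_target) for each request containing '..'."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match and has_dot_dot(match.group("target")):
            hits.append((number, match.group("target")))
    return hits

# Constructed sample log lines (hypothetical paths, documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - admin [04/Feb/2021:17:30:59 +0000] "GET /console/login.do HTTP/1.1" 200 512',
    '192.0.2.44 - user1 [04/Feb/2021:17:31:02 +0000] "GET /console/help/../../file.txt HTTP/1.1" 200 90',
    '192.0.2.44 - user1 [04/Feb/2021:17:31:05 +0000] "GET /console/view?name=%252e%252e%252fconf HTTP/1.1" 200 90',
    '192.0.2.17 - user2 [04/Feb/2021:17:31:09 +0000] "GET /console/docs/release..notes.html HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for number, target in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A hit is a lead for review of that session, not proof that a file was disclosed; matching is on whole segments so names such as `release..notes.html` are not flagged.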

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
Content Collector for Email | 4.0.x

Remediation/Fixes

Product | VRMF | Remediation/First Fix
---|---|---
IBM Content Collector for Email | 4.0.x | Apply Interim Fix 4.0.1.9-IBM-ICC-IF008

Workarounds and Mitigations

None

CPE Name | Operator | Version
---|---|---
content collector | eq | 4.0.1
