Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM52580A3B50CA8ED8AD2FD9BFE5D746ED9E7CEDB8B3199E6FC5AD8E506594EA24
HistoryFeb 06, 2019 - 12:05 p.m.

Security Bulletin: Content Collector for Email is affected by 3RD PARTY CSRF and OOB-XXE Vulnerabilities in WebSphere Web Application Server's Integrated Solutions Console 9.0.0.8, 8.5.5.13, and 8.5.5.9

2019-02-0612:05:01
www.ibm.com
4

0.007 Low

EPSS

Percentile

81.0%

JSON

Summary

Content Collector for Email has addressed the following vulnerability. IBM WebSphere Application Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/…/) to view arbitrary files on the system.

Vulnerability Details

CVEID: CVE-2018-1770 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/…/) to view arbitrary files on the system.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148686&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Content Collector for Email v4.0.1

Remediation/Fixes

Product

| VRM | Remediation
—|—|—
Content Collector for Email | 4.0.1 | Use_ _Content Collector for Email 4.0.1.8 Interim Fix 009

Workarounds and Mitigations

NA

CPENameOperatorVersion
content collectoreq4.0.1

Related

prion 1
ibm 33
nessus 2
cvelist 1
cve 1
nvd 1
prion
prion
Design/Logic Flaw
2018-10-12 11:29:00
ibm
ibm
Security Bulletin: Potential traversal vulnerability in IBM WebSphere Application Server Admin Console shipped with Jazz for Service Management (CVE-2018-1770)
2018-10-31 15:05:01
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM ILOG Optimization Decision Manager Enterprise (CVE-2018-1770)
2018-10-19 16:20:01
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with OpenPages GRC Platform (CVE-2018-1770)
2018-12-11 15:50:01
nessus
nessus
IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.10 Admin Console Directory Traversal Vulnerability (CVE-2018-1770)
2018-12-14 00:00:00
IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.10 Admin Console Directory Traversal Vulnerability (CVE-2018-1770)
2019-08-22 00:00:00
cvelist
cvelist
CVE-2018-1770
2018-10-09 00:00:00
cve
cve
CVE-2018-1770
2018-10-12 11:29:00
nvd
nvd
CVE-2018-1770
2018-10-12 11:29:00

0.007 Low

EPSS

Percentile

81.0%

JSON
Related for 52580A3B50CA8ED8AD2FD9BFE5D746ED9E7CEDB8B3199E6FC5AD8E506594EA24
prion1ibm33nessus2cvelist1cve1nvd1