Content Collector for Email has addressed the following vulnerability. IBM WebSphere Application Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/…/) to view arbitrary files on the system.
CVEID: CVE-2018-1770 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/…/) to view arbitrary files on the system.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148686> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Content Collector for Email v4.0.1
Product
| VRM | Remediation
—|—|—
Content Collector for Email | 4.0.1 | Use_ _Content Collector for Email 4.0.1.8 Interim Fix 009
NA
CPE | Name | Operator | Version |
---|---|---|---|
content collector | eq | 4.0.1 |