IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/…/) to view arbitrary files on the system. IBM X-Force ID: 192953.
CPE | Name | Operator | Version |
---|---|---|---|
financial_transaction_manager | ge | 3.2.0 | |
financial_transaction_manager | le | 3.2.7 |