CVE-2013-6720
Published Mar 6, 2014
Last updated 7 years ago
Overview
- Description
- Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 4.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:tealeaf_cx:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73F221E7-D026-497A-9E31-80316209F47C"
},
{
"criteria": "cpe:2.3:a:ibm:tealeaf_cx:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE1B92C7-F61A-428F-986A-826AA55E3DF5"
},
{
"criteria": "cpe:2.3:a:ibm:tealeaf_cx:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE9DFC4D-402A-4E34-BBC1-EF52F06CF141"
},
{
"criteria": "cpe:2.3:a:ibm:tealeaf_cx:8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C449AA9-EEC0-4A6C-80E0-994CD266299E"
},
{
"criteria": "cpe:2.3:a:ibm:tealeaf_cx:8.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F39FE62-829E-4743-AEDC-04F8B96F42D0"
},
{
"criteria": "cpe:2.3:a:ibm:tealeaf_cx:8.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67EED387-1AF6-4900-90DC-664D0DC01D8C"
},
{
"criteria": "cpe:2.3:a:ibm:tealeaf_cx:8.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBE26E75-B709-4435-A12D-86476DDBF7DF"
},
{
"criteria": "cpe:2.3:a:ibm:tealeaf_cx:8.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F32997D-CF8A-4DA9-91D3-C4B793C203C2"
},
{
"criteria": "cpe:2.3:a:ibm:tealeaf_cx:8.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5B9CB5C-0E75-45EB-B85D-7CF3EAE3C930"
},
{
"criteria": "cpe:2.3:a:ibm:tealeaf_cx:8.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE939856-ADAA-442D-94E1-3BA1A6865496"
},
{
"criteria": "cpe:2.3:a:ibm:tealeaf_cx:8.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5E742288-47B2-4903-8881-E8E2700A4422"
}
],
"operator": "OR"
}
]
}
]