Lucene search
IbmCVE-2012-2202HistoryJul 27, 2012 - 10:27 a.m.
CVE-2012-2202
2012-07-2710:27:49
CWE-22
ibm
web.nvd.nist.gov
22
cve-2012-2202
directory traversal
ibm lotus protector
mail security
nvd
vulnerability
template parameter
remote authentication
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0.003
Percentile
71.0%
Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a … (dot dot) in the template parameter.
Affected configurations
Node
ibmlotus_protector_for_mail_securityMatch2.1
ORibmlotus_protector_for_mail_securityMatch2.5
ORibmlotus_protector_for_mail_securityMatch2.5.1
ORibmlotus_protector_for_mail_securityMatch2.8
Node
ibmproventia_network_mail_security_system_firmwareMatch2.5
ORibmproventia_network_mail_security_system_firmwareMatch2.5.0.2
ORibmproventia_network_mail_security_system_firmwareMatch2.5.1
ORibmproventia_network_mail_security_system_firmwareMatch2.6
ORibmproventia_network_mail_security_system_firmwareMatch2.8
ibmproventia_network_mail_security_system
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | lotus_protector_for_mail_security | 2.1 | cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.1:*:*:*:*:*:*:* |
| ibm | lotus_protector_for_mail_security | 2.5 | cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.5:*:*:*:*:*:*:* |
| ibm | lotus_protector_for_mail_security | 2.5.1 | cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.5.1:*:*:*:*:*:*:* |
| ibm | lotus_protector_for_mail_security | 2.8 | cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.8:*:*:*:*:*:*:* |
| ibm | proventia_network_mail_security_system_firmware | 2.5 | cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5:*:*:*:*:*:*:* |
| ibm | proventia_network_mail_security_system_firmware | 2.5.0.2 | cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5.0.2:*:*:*:*:*:*:* |
| ibm | proventia_network_mail_security_system_firmware | 2.5.1 | cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5.1:*:*:*:*:*:*:* |
| ibm | proventia_network_mail_security_system_firmware | 2.6 | cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.6:*:*:*:*:*:*:* |
| ibm | proventia_network_mail_security_system_firmware | 2.8 | cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.8:*:*:*:*:*:*:* |
| ibm | proventia_network_mail_security_system | * | cpe:2.3:h:ibm:proventia_network_mail_security_system:*:*:*:*:*:*:*:* |
Related
prion
prion
Directory traversal
2012-07-27 10:27:00
cvelist
cvelist
CVE-2012-2202
2012-07-27 10:00:00
nvd
nvd
CVE-2012-2202
2012-07-27 10:27:49
cert
cert
IBM ISS Proventia Mail Security contains multiple vulnerabilities
2012-07-25 00:00:00
exploitdb
exploitdb
IBM Proventia Network Mail Security System 2.5 - POST File Read
2012-08-08 00:00:00
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0.003
Percentile
71.0%
Related for CVE-2012-2202