IBM Case Manager has addressed the following vulnerability. A Zip Slip vulnerability is exposed in Case Manager through its ability to import solution package zip files. (CVE-2018-1884)
CVEID: CVE-2018-1884
DESCRIPTION: IBM Case Manager is vulnerable to a “zip slip” vulnerability which could allow a remote attacker to execute code using directory traversal techniques.
CVSS Base Score: 4.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151970> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
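As an added example (not IBM's code and not part of the fix), the following pre-import check lists entries in a solution package zip whose names would resolve outside the extraction directory, which is the condition a Zip Slip flaw depends on. The function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import re
import zipfile


def audit_package(zip_bytes):
    """Return (entry_name, reason) for every entry that would resolve
    outside the directory the package is extracted into."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Treat backslashes as separators so Windows-style names are covered.
            name = info.filename.replace("\\", "/")
            if name.startswith("/") or re.match(r"^[A-Za-z]:", name):
                findings.append((info.filename, "absolute path"))
                continue
            # Collapse "a/../b" first; only a path that still climbs above
            # the extraction root after normalisation is a traversal.
            norm = posixpath.normpath(name)
            if norm == ".." or norm.startswith("../"):
                findings.append((info.filename, "escapes extraction root"))
    return findings


def build_sample():
    """Constructed sample archive; entry names are illustrative only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("solution/definition.xml", "<solution/>")
        zf.writestr("solution/pages/../pages/home.xml", "<page/>")
        zf.writestr("../../outside.txt", "x")
        zf.writestr("solution/../../outside2.txt", "x")
        zf.writestr("..\\..\\outside3.txt", "x")
        zf.writestr("/tmp/outside4.txt", "x")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in audit_package(build_sample()):
        print(f"REJECT {entry!r}: {reason}")
```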
Affected IBM Case Manager | Affected Versions |
---|---|
IBM Case Manager | 5.3.X |
IBM Case Manager | 5.2.1 |
IBM Case Manager | 5.2.0 |
IBM Case Manager | 5.1.1 |
Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
IBM Case Manager | 5.3.0.0 - 5.3.3.0 | PJ45456 | 5.3.3.0-ICM-IF001 or later versions
IBM Case Manager | 5.2.1.0 - 5.2.1.7 | PJ45494 | 5.2.1.7-ICM-IF004 or later
IBM Case Manager | 5.2.0.0 - 5.2.0.4 | PJ45495 | 5.2.0.4-ICM-IF003 or later
IBM Case Manager V5.1.1 is no longer in full support; IBM recommends upgrading to a fixed, supported version/release/platform of the product.
The issue can be mitigated by doing the following: