IBM Tealeaf Customer Experience contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system.
IBM Tealeaf Customer Experience could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences to view arbitrary files on the system.
CVEID: CVE-2017-1204**
DESCRIPTION:** IBM Tealeaf contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system.
CVSS Base Score: 5.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123740> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2017-1279**
DESCRIPTION:** IBM Tealeaf Customer Experience could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/…/) to view arbitrary files on the system.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124757> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
IBM Tealeaf Customer Experience v8.7, v8.8 and v9.0.2
Product
|
VRMF
|
Remediation/First Fix
—|—|—
IBM Tealeaf Customer Experience
|
9.0.2A
| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Enterprise%20Marketing%20Management&product=ibm/Other+software/Tealeaf+Customer+Experience&release=All&platform=All&function=fixId&fixids=9.0.2.5321_9.0.2A_IBM_Tealeaf_CXUpgrade_FixPack6&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Enterprise%20Marketing%20Management&product=ibm/Other+software/Tealeaf+Customer+Experience&release=All&platform=All&function=fixId&fixids=9.0.2.5321_9.0.2A_IBM_Tealeaf_CXUpgrade_FixPack6&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>)
IBM Tealeaf Customer Experience
|
9.0.2
| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Enterprise%20Marketing%20Management&product=ibm/Other+software/Tealeaf+Customer+Experience&release=All&platform=All&function=fixId&fixids=9.0.2.1351_IBM_Tealeaf_CXUpgrade_FixPack6&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Enterprise%20Marketing%20Management&product=ibm/Other+software/Tealeaf+Customer+Experience&release=All&platform=All&function=fixId&fixids=9.0.2.1351_IBM_Tealeaf_CXUpgrade_FixPack6&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>)
IBM Tealeaf Customer Experience
|
8.8
IBM Tealeaf Customer Experience
|
8.7
| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Enterprise%20Marketing%20Management&product=ibm/Other+software/Tealeaf+Customer+Experience&release=All&platform=All&function=fixId&fixids=8.7.1.8885_IBMTealeaf_CXUpgrade_FixPack12&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Enterprise%20Marketing%20Management&product=ibm/Other+software/Tealeaf+Customer+Experience&release=All&platform=All&function=fixId&fixids=8.7.1.8885_IBMTealeaf_CXUpgrade_FixPack12&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>)
None
CPE | Name | Operator | Version |
---|---|---|---|
tealeaf customer experience | eq | 9.0.2 | |
tealeaf customer experience | eq | 8.8 | |
tealeaf customer experience | eq | 8.7 |