CVE-2012-2202

2012-07-2710:27:49

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.003

Percentile

71.0%

JSON

Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a … (dot dot) in the template parameter.

Affected configurations

Nvd

Node

ibmlotus_protector_for_mail_securityMatch2.1

ibmlotus_protector_for_mail_securityMatch2.5

ibmlotus_protector_for_mail_securityMatch2.5.1

ibmlotus_protector_for_mail_securityMatch2.8

Node

ibmproventia_network_mail_security_system_firmwareMatch2.5

ibmproventia_network_mail_security_system_firmwareMatch2.5.0.2

ibmproventia_network_mail_security_system_firmwareMatch2.5.1

ibmproventia_network_mail_security_system_firmwareMatch2.6

ibmproventia_network_mail_security_system_firmwareMatch2.8

AND

ibmproventia_network_mail_security_system

VendorProductVersionCPE
ibmlotus_protector_for_mail_security2.1cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.1:*:*:*:*:*:*:*
ibmlotus_protector_for_mail_security2.5cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.5:*:*:*:*:*:*:*
ibmlotus_protector_for_mail_security2.5.1cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.5.1:*:*:*:*:*:*:*
ibmlotus_protector_for_mail_security2.8cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.8:*:*:*:*:*:*:*
ibmproventia_network_mail_security_system_firmware2.5cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5:*:*:*:*:*:*:*
ibmproventia_network_mail_security_system_firmware2.5.0.2cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5.0.2:*:*:*:*:*:*:*
ibmproventia_network_mail_security_system_firmware2.5.1cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5.1:*:*:*:*:*:*:*
ibmproventia_network_mail_security_system_firmware2.6cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.6:*:*:*:*:*:*:*
ibmproventia_network_mail_security_system_firmware2.8cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.8:*:*:*:*:*:*:*
ibmproventia_network_mail_security_system*cpe:2.3:h:ibm:proventia_network_mail_security_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus_protector_for_mail_security	2.1	cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.1:::::::*
ibm	lotus_protector_for_mail_security	2.5	cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.5:::::::*
ibm	lotus_protector_for_mail_security	2.5.1	cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.5.1:::::::*
ibm	lotus_protector_for_mail_security	2.8	cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.8:::::::*
ibm	proventia_network_mail_security_system_firmware	2.5	cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5:::::::*
ibm	proventia_network_mail_security_system_firmware	2.5.0.2	cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5.0.2:::::::*
ibm	proventia_network_mail_security_system_firmware	2.5.1	cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5.1:::::::*
ibm	proventia_network_mail_security_system_firmware	2.6	cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.6:::::::*
ibm	proventia_network_mail_security_system_firmware	2.8	cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.8:::::::*
ibm	proventia_network_mail_security_system	*	cpe:2.3:h:ibm:proventia_network_mail_security_system::::::::