CVE-2010-4622
IBM Tivoli Access Manager for e-business 6.1.1 - Path Traversal via Encoded Dot Dot in URI
Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.
References (7)
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3329
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45582
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg24028829
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1024927
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/70158
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42727
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64306
Scores
EPSS
0.0293
EPSS Percentile
85.4%
Details
CWE
CWE-22
Status
published
Products (1)
ibm/tivoli_access_manager_for_e-business
6.1.1
Published
Dec 30, 2010
Tracked Since
Feb 18, 2026