CVE-2010-4622

IBM Tivoli Access Manager for e-business 6.1.1 - Path Traversal via Encoded Dot Dot in URI


Description

Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.

References (7)

Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3329
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45582
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg24028829
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1024927
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/70158
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42727
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64306

Scores

EPSS 0.0293
EPSS Percentile 85.4%

Details

CWE CWE-22
Status published
Products (1)
ibm/tivoli_access_manager_for_e-business 6.1.1
Published Dec 30, 2010
Tracked Since Feb 18, 2026