CVE-2012-2202

IBM Lotus Protector for Mail Security 2.1/2.5/2.5.1/2.8 - Authenticated Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2202.

AI-analyzed exploit summary This Python script exploits a post-authentication arbitrary file-read vulnerability in IBM ISS Proventia Mail Security 2.5 by sending a crafted request to 'javatester_init.php' with a path traversal payload. It also documents a reflected XSS vulnerability in the same product.

Description

Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter.

Exploits (1)

exploitdb WORKING POC
pythonwebappswindows
https://www.exploit-db.com/exploits/20368

This Python script exploits a post-authentication arbitrary file-read vulnerability in IBM ISS Proventia Mail Security 2.5 by sending a crafted request to 'javatester_init.php' with a path traversal payload. It also documents a reflected XSS vulnerability in the same product.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: IBM ISS Proventia Mail Security 2.5
Auth required
Prerequisites: Valid credentials for the target system · Network access to the target system
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4
Core References
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21605630
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/659791
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49897
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/76801

Scores

EPSS 0.0304
EPSS Percentile 85.8%

Details

CWE
CWE-22
Status published
Products (9)
ibm/lotus_protector_for_mail_security 2.1
ibm/lotus_protector_for_mail_security 2.5
ibm/lotus_protector_for_mail_security 2.5.1
ibm/lotus_protector_for_mail_security 2.8
ibm/proventia_network_mail_security_system_firmware 2.5
ibm/proventia_network_mail_security_system_firmware 2.5.0.2
ibm/proventia_network_mail_security_system_firmware 2.5.1
ibm/proventia_network_mail_security_system_firmware 2.6
ibm/proventia_network_mail_security_system_firmware 2.8
Published Jul 27, 2012
Tracked Since Feb 18, 2026