CVE-2012-2202

IBM Lotus Protector For Mail Security - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter.

Exploits (1)

exploitdb WORKING POC

pythonwebappswindows

https://www.exploit-db.com/exploits/20368

View Code ZIP pw:eip

References (4)

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg21605630

[US Government Resource] http://www.kb.cert.org/vuls/id/659791

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/76801

[Third Party Advisory] http://secunia.com/advisories/49897

Scores

EPSS 0.0780

EPSS Percentile 92.0%

Details

CWE

CWE-22

Status published

Products (9)

ibm/lotus_protector_for_mail_security 2.1

ibm/lotus_protector_for_mail_security 2.5

ibm/lotus_protector_for_mail_security 2.5.1

ibm/lotus_protector_for_mail_security 2.8

ibm/proventia_network_mail_security_system_firmware 2.5

ibm/proventia_network_mail_security_system_firmware 2.5.0.2

ibm/proventia_network_mail_security_system_firmware 2.5.1

ibm/proventia_network_mail_security_system_firmware 2.6

ibm/proventia_network_mail_security_system_firmware 2.8

Published Jul 27, 2012

Tracked Since Feb 18, 2026