CVE-2012-2202

IBM Lotus Protector For Mail Security - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter.

Exploits (1)

exploitdb WORKING POC

pythonwebappswindows

https://www.exploit-db.com/exploits/20368

View on exploitdb

References (4)

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg21605630

[US Government Resource] http://www.kb.cert.org/vuls/id/659791

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/76801

[Third Party Advisory] http://secunia.com/advisories/49897

Scores

EPSS 0.1031

EPSS Percentile 93.1%

Classification

CWE

CWE-22

Status draft

Affected Products (9)

ibm/lotus_protector_for_mail_security

ibm/lotus_protector_for_mail_security

ibm/lotus_protector_for_mail_security

ibm/lotus_protector_for_mail_security

ibm/proventia_network_mail_security_system_firmware

ibm/proventia_network_mail_security_system_firmware

ibm/proventia_network_mail_security_system_firmware

ibm/proventia_network_mail_security_system_firmware

ibm/proventia_network_mail_security_system_firmware

Timeline

Published Jul 27, 2012

Tracked Since Feb 18, 2026