SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2012-2202

Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score :		CVSS Score : 3.5
Exploit Score:		Exploit Score: 6.8
Impact Score:		Impact Score: 2.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector:		Access Vector: NETWORK
Attack Complexity:		Access Complexity: MEDIUM
Privileges Required:		Authentication: SINGLE_INSTANCE
User Interaction:		Confidentiality: PARTIAL
Scope:		Integrity: NONE
Confidentiality:		Availability: NONE
Integrity:
Availability:

Reference:

SECUNIA-49897

VU#659791

http://www-01.ibm.com/support/docview.wss?uid=swg21605630

pnm-javatesterinit-dir-traversal(76801)


24128



131573



111017



909



86402



136