CVE-2019-4430

IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887.

Published : 2019-07-17 14:15 Updated : 2019-10-09 23:50

CVSS Score : 5.0 / 10
Vendor : IBM
Product : Maximo Asset Management
Version : 7.6
URI : cpe:/a:ibm:maximo_asset_management:7.6

CWE

ID : CWE-22
Name : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description : The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

History of changes

Date Event
2019-07-18 15:02
2019-07-17 15:15 New CVE