IBM AIX WebSM getCommand.new Local Traversal Vulnerability

Low

Synopsis

The remote host is vulnerable to a local 'directory traversal' flaw.

Description

The remote host is running IBM AIX WebSM, a web-based system manager. This version of WebSM is vulnerable to a flaw that lets local users gain access to potentially confidential data by passing a malformed query to the getCommand.new utility. Specifically, a request for a file like '../../../../<filename>' will retrieve the file as if the system manager had requested it.

Solution

No solution is known at this time.