IBM AIX WebSM getCommand.new Local Traversal Vulnerability
Low Nessus Network Monitor Plugin ID 3341
Synopsis: The remote host is vulnerable to a local 'directory traversal' flaw.
Description: The remote host is running the IBM AIX WebSM, a web-based system manager. This version of WebSM is vulnerable to a flaw where local users can gain access to potentially confidential data by passing a malformed query to the getCommand.new utility. Specifically, a request for a file like '../../../../<filename>' will retrieve the file as if the system manager had requested it.
Solution: No solution is known at this time.