
IBM AIX WebSM getCommand.new Local Traversal Vulnerability

Low

Synopsis

The remote host is vulnerable to a local 'directory traversal' flaw.

Description

The remote host is running IBM AIX WebSM, a web-based system manager. This version of WebSM has a flaw that lets local users gain access to potentially confidential data by passing a malformed query to the getCommand.new utility. Specifically, a request for a file like '../../../../<filename>' will retrieve the file as if the system manager had requested it.

Solution

No solution is known at this time.