Published: 14/09/2010 Updated: 10/10/2018

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware prior to 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l parameter, related to an "Insecure Direct Object Reference vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm proventia_network_mail_security_system_virtual_appliance
ibm proventia_network_mail_security_system_virtual_appliance_firmware 1.6

Web-based Local Management Interface (LMI) of IBM Proventia Network Mail Security System appliance (firmware 16) is vulnerable to an Insecure Direct Object Reference vulnerability When exploited by an authenticated attacker, such vulnerability could lead to compromising the security of the appliance, allowing OS command execution, local file incl ...

CWE-22 http://www.ventuneac.net/security-advisories/MVSA-10-008 http://www.securityfocus.com/archive/1/513637/100/0/threaded https://nvd.nist.gov https://packetstormsecurity.com/files/93818/Proventia-Network-Mail-Security-System-Insecure-Direct-Object-Reference.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-0154

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect