|Number of vulnerabilities||1|
|CVE ID||CVE-2018-1797|
IBM WebSphere Application Server
|Vulnerable software versions||
IBM WebSphere Application Server 188.8.131.52
IBM WebSphere Application Server 184.108.40.206
IBM WebSphere Application Server 220.127.116.11
|Vendor URL||IBM Corporation|
The vulnerability allows a remote attacker to conduct a directory traversal attack.
The vulnerability exists due to improper validation of user-supplied input on systems that have an Enterprise Bundle Archive (EBA) installed and with a path external to the EBA. A remote attacker can trick the victim into extracting a specially crafted ZIP archive containing 'dot dot slash' sequences that, when extracted, will write arbitrary files on the target system.
Note: This vulnerability is known as "Zip-Slip".
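A pre-extraction audit for the traversal entries described above, as an added example that is not part of the original advisory or IBM's code: it resolves each ZIP entry name against an extraction root and reports entries that would land outside it. The root `/opt/app/extract` and the function names are assumptions, and the archive is a constructed sample.

```python
import io
import posixpath
import zipfile


def unsafe_entries(archive, dest_root="/opt/app/extract"):
    """Return names of ZIP entries that would be written outside dest_root.

    dest_root is a hypothetical extraction directory used only for resolution;
    nothing is written to disk.
    """
    root = posixpath.normpath(dest_root)
    flagged = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            # ZIP names use '/', but some extractors also honour '\\'.
            name = info.filename.replace("\\", "/")
            # A drive prefix such as 'C:' is absolute on Windows extractors.
            has_drive = len(name) > 1 and name[0].isalpha() and name[1] == ":"
            # join() discards root when name is absolute; normpath folds '..'.
            target = posixpath.normpath(posixpath.join(root, name))
            # Compare against root + '/' so a sibling like 'extract-evil'
            # does not pass a bare prefix test.
            inside = target == root or target.startswith(root + "/")
            if has_drive or not inside:
                flagged.append(info.filename)
    return flagged


def build_sample_archive():
    """Constructed sample: three entries stay inside the root, four escape it."""
    names = (
        "META-INF/APPLICATION.MF",   # benign
        "lib/bundle.jar",            # benign
        "lib/../config.txt",         # contains '..' but resolves inside the root
        "../../outside.txt",         # climbs out of the root
        "lib/../../escape.txt",      # '..' hidden after a valid prefix
        "/tmp/abs.txt",              # absolute path
        "../extract-evil/x.txt",     # sibling directory sharing the root's prefix
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample content")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry in unsafe_entries(build_sample_archive()):
        print("entry escapes extraction root:", entry)
```

The same resolved-path comparison belongs in the extraction code itself, since an audit run separately from extraction does not protect an archive that changes between the two steps.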
Install update from vendor's website.