|Number of vulnerabilities||1|
|CVE ID||CVE-2018-1797|
IBM WebSphere Application Server
|Vulnerable software versions||
IBM WebSphere Application Server 18.104.22.168
IBM WebSphere Application Server 22.214.171.124
IBM WebSphere Application Server 126.96.36.199
|Vendor URL||IBM Corporation|
The vulnerability allows a remote attacker to conduct a directory traversal attack.
The vulnerability exists due to improper validation of user-supplied input on systems that have an Enterprise Bundle Archive (EBA) installed and with a path external to the EBA. A remote attacker can trick the victim into extracting a specially crafted ZIP archive containing 'dot dot slash' (`../`) sequences, which causes arbitrary files to be written on the target system when the archive is extracted.
Note: This vulnerability is known as "Zip-Slip".
Install the update from the vendor's website.