SB2024022209 - Absolute path traversal in IBM InfoSphere Information Server
Published: February 22, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Absolute Path Traversal (CVE-ID: CVE-2023-50955)
CWE-ID: CWE-36 - Absolute Path Traversal
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an adjacent privileged user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. An adjacent privileged user can gain unauthorized access to sensitive information on the system.
Remediation
Install update from vendor's website.