CVE-2016-6038
medium
CVSS v3
6.5
CVSS v2
4.0
VIR risk
6.5
Description
Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.asc
References
- http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.asc
- http://www.securityfocus.com/bid/93180
- http://www.securitytracker.com/id/1036887
CWEs
CWE-22