CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-1244

Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 71.9%

CVSS Severity

CVSS v2 Score 7.5

References

http://securitytracker.com/id?1013810
http://www.osvdb.org/15791
http://www.securityfocus.com/archive/1/396628
http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20260
http://securitytracker.com/id?1013810
http://www.osvdb.org/15791
http://www.securityfocus.com/archive/1/396628
http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20260

Products affected by CVE-2005-1244

Netiq » Pssecure » Version: 7.5

cpe:2.3:a:netiq:pssecure:7.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-1244

Products

Pricing

Contact Us