Vulnerability Details CVE-2024-41765
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.8%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2024-41765
-
cpe:2.3:a:ibm:engineering_lifecycle_optimization_publishing:7.0.2
-
cpe:2.3:a:ibm:engineering_lifecycle_optimization_publishing:7.0.3
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-