CVE-2012-2202 Information

Description

Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1 2.5 2.5.1 and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter.

Reference

http://secunia.com/advisories/49897 http://www.kb.cert.org/vuls/id/659791 http://www-01.ibm.com/support/docview.wss?uid=swg21605630 https://exchange.xforce.ibmcloud.com/vulnerabilities/76801