CVE-2013-6720 Information

Description

Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x 8.x through 8.6 8.7 before FP2 and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter as demonstrated using a crafted request for a customer-support file as demonstrated by a log file.

Reference

http://www.exploit-db.com/exploits/32546 https://exchange.xforce.ibmcloud.com/vulnerabilities/89229 https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7a