CVE-2014-6182 Information

Description

Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

Reference

http://www.ibm.com/support/docview.wss?uid=swg21692540 http://www.securitytracker.com/id/1031379 http://www-01.ibm.com/support/docview.wss?uid=swg1JR51234 https://exchange.xforce.ibmcloud.com/vulnerabilities/98518