CVE-2014-6222 Information

Description

Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2 8.6.x before 8.6.0.8 9.0.x before 9.0.0.4.1 9.1.0.x before 9.1.0.5 and 9.1.1.x before 9.1.1.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg1PO02715 http://www-01.ibm.com/support/docview.wss?uid=swg1PO03923 http://www-01.ibm.com/support/docview.wss?uid=swg1PO04455 http://www-01.ibm.com/support/docview.wss?uid=swg21902933