IBM EntireX Directory Traversal Vulnerability Allowing Arbitrary File Access
Vulnerability
A directory traversal vulnerability has been identified in IBM EntireX version 11.1. An authenticated attacker can exploit it to traverse directories on the host and read arbitrary files. The issue arises from the application's handling of URL requests: the request path can be manipulated to include 'dot dot' (../) sequences, which let the resolved path escape the intended directory and reach files elsewhere on the filesystem.
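As an added illustration (not code from this advisory or from IBM EntireX), the following Python shows why a literal search for ".." in the request string is not a sufficient defence against the class of flaw described above, and how a request path should instead be decoded, normalised and checked for containment in the served directory. The base directory and the probe paths are constructed for the example; none of them are real EntireX URLs.

```python
import os
import tempfile
from urllib.parse import unquote

# Constructed probe paths for the example (not EntireX URLs).
PROBES = [
    "/docs/readme.txt",                                   # legitimate request
    "/docs/../readme.txt",                                # '..' that never leaves the root
    "/../../../../etc/passwd",                            # plain dot-dot climb
    "/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",            # URL-encoded dots
    "/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd",  # double-encoded dots
    "/docs/%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cetc/passwd",     # encoded backslash separators
]


def naive_is_safe(url_path):
    """The kind of check traversal bugs slip past: a string match on raw input."""
    return ".." not in url_path


def resolve_safely(base_dir, url_path):
    """Return the absolute path a request may read, or None if it would escape base_dir."""
    decoded = unquote(unquote(url_path))   # second pass defeats %25-double encoding
    if "\x00" in decoded:
        return None                        # a NUL would silently truncate the path in a C runtime
    decoded = decoded.replace("\\", "/")   # treat backslash as a separator, as a Windows host would
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # Containment is checked on the resolved path, not on the raw string;
    # this is exactly what a search for '..' cannot provide.
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    return candidate


def classify(base_dir):
    """Map each probe to (naive_allows, hardened_allows)."""
    return {p: (naive_is_safe(p), resolve_safely(base_dir, p) is not None) for p in PROBES}


def demo():
    base = tempfile.mkdtemp(prefix="www-")   # stands in for the served directory
    results = classify(base)
    for probe, (naive_ok, hard_ok) in results.items():
        naive = "allow" if naive_ok else "block"
        hard = "allow" if hard_ok else "block"
        print(f"{probe:<60} naive={naive:5}  hardened={hard}")
    return results


if __name__ == "__main__":
    demo()
```

Run as a script, the table shows the string check both rejecting a harmless request (probe 2, a ".." that stays inside the root) and passing every encoded variant (probes 4 to 6), while the resolve-then-contain check gets all six right. The lesson for triage of this advisory is the same: look for where the application maps a request path to a filesystem path, not for whether it filters the two characters.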
Impact
Exploitation of this vulnerability could give an attacker who holds valid EntireX credentials unauthorized read access to sensitive files on the host. Because the application performs the read, the exposure extends to any file the EntireX process itself is permitted to read, not only to files under the directory it is meant to serve.
Remediation
Users are advised to update to the latest fix level of IBM EntireX 11.1. The update is distributed through the IBM webMethods Update Manager, available on Passport Advantage Online. After downloading it, follow the accompanying instructions to install the update; the package that addresses this issue is EXX_11.1_Designer_Fix5.
