Directory Traversal Vulnerability in IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems Restore Operation

Directory Traversal Vulnerability in IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems Restore Operation

CVE-2022-40608 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873.

Learn more about our Web Application Penetration Testing UK.