CVE-2015-4988

Published: Jan 18, 2016Modified: May 6, 2026

8.6

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors.

Affected (9)

Products: Ibm: Tealeaf Customer Experience

Ibm

1 product

Tealeaf Customer Experience

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Ibm Tealeaf Customer Experience	Up to 8.6
Ibm Tealeaf Customer Experience	Version 8.7
Ibm Tealeaf Customer Experience	Version 8.8
Ibm Tealeaf Customer Experience	Version 9.0.0
Ibm Tealeaf Customer Experience	Version 9.0.0a
Ibm Tealeaf Customer Experience	Version 9.0.1
Ibm Tealeaf Customer Experience	Version 9.0.1a
Ibm Tealeaf Customer Experience	Version 9.0.2
Ibm Tealeaf Customer Experience	Version 9.0.2a

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

http://www-01.ibm.com/support/docview.wss?uid=swg21968868

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21968868

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.