Vulnerability-Lookup

CVE-2012-2202 (GCVE-0-2012-2202)

Vulnerability from cvelistv5 – Published: 2012-07-27 10:00 – Updated: 2024-08-06 19:26

Summary

Severity ?

No CVSS data available.

CWE

Assigner

ibm

References

URL

GSD-2012-2202

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-2202

Aliases

CVE-2012-2202

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-2202",
    "description": "Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter.",
    "id": "GSD-2012-2202"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-2202"
      ],
      "details": "Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter.",
      "id": "GSD-2012-2202",
      "modified": "2023-12-13T01:20:16.065581Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2012-2202",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#659791",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/659791"
          },
          {
            "name": "49897",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/49897"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21605630",
            "refsource": "CONFIRM",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21605630"
          },
          {
            "name": "pnm-javatesterinit-dir-traversal(76801)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76801"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:proventia_network_mail_security_system:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-2202"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21605630",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21605630"
            },
            {
              "name": "VU#659791",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/659791"
            },
            {
              "name": "pnm-javatesterinit-dir-traversal(76801)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76801"
            },
            {
              "name": "49897",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/49897"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-12-22T02:29Z",
      "publishedDate": "2012-07-27T10:27Z"
    }
  }
}

FKIE_CVE-2012-2202

Vulnerability from fkie_nvd - Published: 2012-07-27 10:27 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
psirt@us.ibm.com	http://secunia.com/advisories/49897
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21605630
psirt@us.ibm.com	http://www.kb.cert.org/vuls/id/659791	US Government Resource
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/76801
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49897
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21605630
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/659791	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/76801

Impacted products

Vendor	Product	Version
ibm	lotus_protector_for_mail_security	2.1
ibm	lotus_protector_for_mail_security	2.5
ibm	lotus_protector_for_mail_security	2.5.1
ibm	lotus_protector_for_mail_security	2.8
ibm	proventia_network_mail_security_system_firmware	2.5
ibm	proventia_network_mail_security_system_firmware	2.5.0.2
ibm	proventia_network_mail_security_system_firmware	2.5.1
ibm	proventia_network_mail_security_system_firmware	2.6
ibm	proventia_network_mail_security_system_firmware	2.8
ibm	proventia_network_mail_security_system	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F356BD-5E3C-4426-B315-86F681E2F6A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "068537DC-785E-45E2-9B04-245621B48BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCE408A-BD6C-4D2C-8F37-132394729729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9277E17-F3EC-4E8B-B4E0-629966D7EB89",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B13DDF-DCD6-4C10-B533-0C25FE966007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99B0275-98EE-48EA-B454-E13EC6521F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBC5F27-E6F2-4B18-AEC5-3032207FAD25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0D45AC4-6028-44DB-BFC6-24D105FBB2C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1090D84-2202-47C5-97F5-781543BB74BC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:proventia_network_mail_security_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FE2B207-9C49-4107-9109-A6E9D1D610C6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en javatester_init.php en IBM Lotus Protector para Mail Security v2.1, v2.5, v2.5.1, y v2.8 e IBM ISS Proventia Network Mail Security System, permite a administradores autenticados remotamente leer archivos de su elecci\u00f3n a trav\u00e9s .. (punto punto) en el par\u00e1metro template."
    }
  ],
  "id": "CVE-2012-2202",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-07-27T10:27:49.043",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://secunia.com/advisories/49897"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21605630"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/659791"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76801"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21605630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/659791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76801"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201207-0459

Vulnerability from variot - Updated: 2025-04-11 22:53

Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Remote authentication users can use this vulnerability to read arbitrary files through .. ----------------------------------------------------------------------

We are millions! Join us to protect all Pc's Worldwide. Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends: http://secunia.com/psi

TITLE: IBM Lotus Protector for Mail Security Information Disclosure Weakness

SECUNIA ADVISORY ID: SA49897

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49897/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49897

RELEASE DATE: 2012-07-17

DISCUSS ADVISORY: http://secunia.com/advisories/49897/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/49897/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=49897

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A weakness has been reported in IBM Lotus Protector for Mail Security, which can be exploited by malicious users to disclose potentially sensitive information.

Certain input to the management interface is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files.

Successful exploitation requires access to the administrative user interface (UI).

The weakness is reported in versions 2.5, 2.5.1, and 2.8.

SOLUTION: Apply updates (please see the vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=swg21605199

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201207-0459",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "proventia network mail security system",
        "scope": null,
        "trust": 1.6,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "2.5.1"
      },
      {
        "model": "proventia network mail security system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "2.8"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "proventia network mail security system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "proventia network mail security system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "2.5.1"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "proventia network mail security system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "2.8"
      },
      {
        "model": "proventia network mail security system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "2.5.0.2"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "lotus protector for mail security",
        "scope": null,
        "trust": 0.8,
        "vendor": "ibm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#659791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003414"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-577"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2202"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ibm:lotus_protector_for_mail_security",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:ibm:proventia_network_mail_security_system",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:ibm:proventia_network_mail_security_system_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003414"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Reported by the vendor.",
    "sources": [
      {
        "db": "BID",
        "id": "54486"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-2202",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "CVE-2012-2202",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "VHN-55483",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-2202",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-2202",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201207-577",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-55483",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-55483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003414"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-577"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2202"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter. \nAn attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Remote authentication users can use this vulnerability to read arbitrary files through .. ----------------------------------------------------------------------\n\nWe are millions!  Join us to protect all Pc\u0027s Worldwide. \nDownload the new Secunia PSI 3.0 available in 5 languages and share it with your friends:\nhttp://secunia.com/psi\n\n----------------------------------------------------------------------\n\nTITLE:\nIBM Lotus Protector for Mail Security Information Disclosure Weakness\n\nSECUNIA ADVISORY ID:\nSA49897\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49897/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49897\n\nRELEASE DATE:\n2012-07-17\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49897/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49897/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49897\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness has been reported in IBM Lotus Protector for Mail\nSecurity, which can be exploited by malicious users to disclose\npotentially sensitive information. \n\nCertain input to the management interface is not properly verified\nbefore being used to display files. This can be exploited to disclose\nthe contents of arbitrary files. \n\nSuccessful exploitation requires access to the administrative user\ninterface (UI). \n\nThe weakness is reported in versions 2.5, 2.5.1, and 2.8. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nIBM:\nhttp://www.ibm.com/support/docview.wss?uid=swg21605199\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-2202"
      },
      {
        "db": "CERT/CC",
        "id": "VU#659791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003414"
      },
      {
        "db": "BID",
        "id": "54486"
      },
      {
        "db": "VULHUB",
        "id": "VHN-55483"
      },
      {
        "db": "PACKETSTORM",
        "id": "114816"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-55483",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-55483"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-2202",
        "trust": 2.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#659791",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "49897",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003414",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-577",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "76801",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "54486",
        "trust": 0.3
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-74249",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "20368",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-55483",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "114816",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#659791"
      },
      {
        "db": "VULHUB",
        "id": "VHN-55483"
      },
      {
        "db": "BID",
        "id": "54486"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003414"
      },
      {
        "db": "PACKETSTORM",
        "id": "114816"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-577"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2202"
      }
    ]
  },
  "id": "VAR-201207-0459",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-55483"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-11T22:53:40.167000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "1605630",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21605630"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003414"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-55483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003414"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2202"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21605630"
      },
      {
        "trust": 1.9,
        "url": "http://www.kb.cert.org/vuls/id/659791"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/49897"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76801"
      },
      {
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21605626"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2202"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu659791"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2202"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/76801"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/psi"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21605199"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/49897/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/49897/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49897"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#659791"
      },
      {
        "db": "VULHUB",
        "id": "VHN-55483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003414"
      },
      {
        "db": "PACKETSTORM",
        "id": "114816"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-577"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2202"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#659791"
      },
      {
        "db": "VULHUB",
        "id": "VHN-55483"
      },
      {
        "db": "BID",
        "id": "54486"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-003414"
      },
      {
        "db": "PACKETSTORM",
        "id": "114816"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-577"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2202"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-07-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#659791"
      },
      {
        "date": "2012-07-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-55483"
      },
      {
        "date": "2012-07-17T00:00:00",
        "db": "BID",
        "id": "54486"
      },
      {
        "date": "2012-07-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003414"
      },
      {
        "date": "2012-07-17T02:48:11",
        "db": "PACKETSTORM",
        "id": "114816"
      },
      {
        "date": "2012-07-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201207-577"
      },
      {
        "date": "2012-07-27T10:27:49.043000",
        "db": "NVD",
        "id": "CVE-2012-2202"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-07-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#659791"
      },
      {
        "date": "2017-12-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-55483"
      },
      {
        "date": "2012-08-08T18:52:00",
        "db": "BID",
        "id": "54486"
      },
      {
        "date": "2012-07-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-003414"
      },
      {
        "date": "2012-07-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201207-577"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2012-2202"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-577"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IBM ISS Proventia Mail Security contains multiple vulnerabilities",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#659791"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201207-577"
      }
    ],
    "trust": 0.6
  }
}

GHSA-C48H-WPMC-FM6H

Vulnerability from github – Published: 2022-05-17 00:11 – Updated: 2022-05-17 00:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-2202"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-07-27T10:27:00Z",
    "severity": "LOW"
  },
  "details": "Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter.",
  "id": "GHSA-c48h-wpmc-fm6h",
  "modified": "2022-05-17T00:11:07Z",
  "published": "2022-05-17T00:11:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2202"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76801"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49897"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21605630"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/659791"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-2202 (GCVE-0-2012-2202)

GSD-2012-2202

FKIE_CVE-2012-2202

VAR-201207-0459

GHSA-C48H-WPMC-FM6H

Tags

Sightings

Nomenclature