Sign-up

ID

VAR-201009-0014


CVE

CVE-2010-0154


TITLE

IBM PNMSS Appliance sla/index.php Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2010-002930

DESCRIPTION

Directory traversal vulnerability in sla/index.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the l parameter, related to an "Insecure Direct Object Reference vulnerability.". ( Dot 2 One ) Any file may be read via. The Local Management Interface is a set of enhancements to the basic Frame Relay specification

Trust: 1.71

sources: NVD: CVE-2010-0154 // JVNDB: JVNDB-2010-002930 // VULHUB: VHN-42759

AFFECTED PRODUCTS

vendor:ibmmodel:proventia network mail security system virtual appliancescope: - version: -

Trust: 1.4

vendor:ibmmodel:proventia network mail security system virtual appliancescope:eqversion:1.6

Trust: 1.0

vendor:ibmmodel:proventia network mail security system virtual appliancescope:eqversion:*

Trust: 1.0

vendor:ibmmodel:proventia network mail security system virtual appliancescope:ltversion:2.5

Trust: 0.8

sources: JVNDB: JVNDB-2010-002930 // CNNVD: CNNVD-201009-114 // NVD: CVE-2010-0154

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0154
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0154
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201009-114
value: MEDIUM

Trust: 0.6

VULHUB: VHN-42759
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0154
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-42759
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-42759 // JVNDB: JVNDB-2010-002930 // CNNVD: CNNVD-201009-114 // NVD: CVE-2010-0154

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-42759 // JVNDB: JVNDB-2010-002930 // NVD: CVE-2010-0154

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201009-114

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201009-114

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-002930

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-42759

PATCH
title:Proventia Network Mail Security Systemurl:http://www-935.ibm.com/services/us/en/it-services/proventia-network-mail-security-system.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-002930

EXTERNAL IDS
db:NVDid:CVE-2010-0154
Trust: 2.5
db:JVNDBid:JVNDB-2010-002930
Trust: 0.8
db:CNNVDid:CNNVD-201009-114
Trust: 0.7
db:BUGTRAQid:20100912 MVSA-10-008 / CVE-2010-0154 - IBM PROVENTIA MAIL SECURITY SYSTEM - INSECURE DIRECT OBJECT REFERENCE VULNERABILITY
Trust: 0.6
db:PACKETSTORMid:93818
Trust: 0.1
db:VULHUBid:VHN-42759
Trust: 0.1
sources:
            
            
            VULHUB: VHN-42759 // 
            
            
            
            JVNDB: JVNDB-2010-002930 // 
            
            
            
            CNNVD: CNNVD-201009-114 // 
            
            
            
            NVD: CVE-2010-0154

REFERENCES
url:http://www.ventuneac.net/security-advisories/mvsa-10-008
Trust: 1.7
url:http://www.securityfocus.com/archive/1/513637/100/0/threaded
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0154
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0154
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/513637/100/0/threaded
Trust: 0.6
sources:
            
            
            VULHUB: VHN-42759 // 
            
            
            
            JVNDB: JVNDB-2010-002930 // 
            
            
            
            CNNVD: CNNVD-201009-114 // 
            
            
            
            NVD: CVE-2010-0154

SOURCES
db:VULHUBid:VHN-42759
db:JVNDBid:JVNDB-2010-002930
db:CNNVDid:CNNVD-201009-114
db:NVDid:CVE-2010-0154

LAST UPDATE DATE
2025-04-11T23:05:57.645000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-42759date:2018-10-10T00:00:00
db:JVNDBid:JVNDB-2010-002930date:2012-03-27T00:00:00
db:CNNVDid:CNNVD-201009-114date:2010-09-16T00:00:00
db:NVDid:CVE-2010-0154date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-42759date:2010-09-14T00:00:00
db:JVNDBid:JVNDB-2010-002930date:2012-03-27T00:00:00
db:CNNVDid:CNNVD-201009-114date:2010-09-16T00:00:00
db:NVDid:CVE-2010-0154date:2010-09-14T17:00:01.433