CVE-2023-43044: IBM License Metric Tool directory traversal
First published: Thu Sep 28 2023(Updated: )
IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893.
Credit: psirt@us.ibm.com psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM License Metric Tool | <9.2.33 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for IBM License Metric Tool?
The vulnerability ID for IBM License Metric Tool is CVE-2023-43044.
What software versions are affected by this vulnerability?
IBM License Metric Tool version 9.2.33 is affected by this vulnerability.
What is the severity of CVE-2023-43044?
The severity of CVE-2023-43044 is high, with a severity value of 7.5.
How can a remote attacker exploit this vulnerability?
A remote attacker can exploit this vulnerability by sending a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Is there a fix for this vulnerability?
There is currently no information available about a fix for this vulnerability. Please refer to the IBM support pages for updates.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- vendor/ibm
- canonical/ibm license metric tool