CVE-2016-6038

moderate-risk
Published 2016-09-26

Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.

Do I need to act?

-
0.22% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (3)

Aix
Aix
Aix

Affected Vendors

Ibm

References (6)

Mitigation http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.asc
http://www.securityfocus.com/bid/93180
http://www.securitytracker.com/id/1036887
Mitigation http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.asc
http://www.securityfocus.com/bid/93180
http://www.securitytracker.com/id/1036887
34
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 9/34 · Low