CVE-2018-1884 - OpenCVE

IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a "zip slip" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Case Manager

Configuration 1 [-]

OR	cpe:2.3:a:ibm:case_manager:5.2.0.0:::::::*
	cpe:2.3:a:ibm:case_manager:5.2.0.4:::::::*
	cpe:2.3:a:ibm:case_manager:5.2.1.0:::::::*
	cpe:2.3:a:ibm:case_manager:5.2.1.7:::::::*
	cpe:2.3:a:ibm:case_manager:5.3.0.0:::::::*
	cpe:2.3:a:ibm:case_manager:5.3.3.0:::::::*

No data.

References

Link	Providers
http://www.ibm.com/support/docview.wss?uid=ibm10737897
http://www.securityfocus.com/bid/105946
https://exchange.xforce.ibmcloud.com/vulnerabilities/151970

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2018-11-12T16:00:00Z

Updated: 2024-09-16T19:20:19.622Z

Reserved: 2017-12-13T00:00:00

Link: CVE-2018-1884

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-11-12T16:29:00.390

Modified: 2019-10-09T23:39:16.307

Link: CVE-2018-1884

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Case Manager", "vendor": "IBM", "versions": [{"status": "affected", "version": "5.2.0.0"}, {"status": "affected", "version": "5.2.0.4"}, {"status": "affected", "version": "5.2.1.0"}, {"status": "affected", "version": "5.2.1.7"}, {"status": "affected", "version": "5.3.0.0"}, {"status": "affected", "version": "5.3.3.0"}]}], "datePublic": "2018-11-08T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a \"zip slip\" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "LOW", "privilegesRequired": "LOW", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.2, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/A:L/AC:L/AV:L/C:L/I:L/PR:L/S:U/UI:R/E:U/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-20T10:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737897"}, {"name": "105946", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105946"}, {"name": "ibm-case-cve20181884-code-exec(151970)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151970"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2018-11-08T00:00:00", "ID": "CVE-2018-1884", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Case Manager", "version": {"version_data": [{"version_value": "5.2.0.0"}, {"version_value": "5.2.0.4"}, {"version_value": "5.2.1.0"}, {"version_value": "5.2.1.7"}, {"version_value": "5.3.0.0"}, {"version_value": "5.3.3.0"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a \"zip slip\" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970."}]}, "impact": {"cvssv3": {"BM": {"A": "L", "AC": "L", "AV": "L", "C": "L", "I": "L", "PR": "L", "S": "U", "UI": "R"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Access"}]}]}, "references": {"reference_data": [{"name": "http://www.ibm.com/support/docview.wss?uid=ibm10737897", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737897"}, {"name": "105946", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105946"}, {"name": "ibm-case-cve20181884-code-exec(151970)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151970"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:14:38.601Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737897"}, {"name": "105946", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105946"}, {"name": "ibm-case-cve20181884-code-exec(151970)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151970"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1884", "datePublished": "2018-11-12T16:00:00Z", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2024-09-16T19:20:19.622Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:case_manager:5.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "94D67FAF-252F-4AE5-8395-58915F1D5B21", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:case_manager:5.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FC9406F4-67CE-4E59-AB7A-8F2BCEA7FECF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:case_manager:5.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EF0156E9-A2BF-4F09-AEEC-B94294DBD097", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:case_manager:5.2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "CEC16B10-249D-4189-B584-7DAFD13740C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:case_manager:5.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5CC38040-593D-441F-B396-1B2F622F113E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:case_manager:5.3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A98B54F8-2F43-43BE-9715-DA1614EFC88E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3.3.0 is vulnerable to a \"zip slip\" vulnerability which could allow a remote attacker to execute code using directory traversal techniques. IBM X-Force ID: 151970."}, {"lang": "es", "value": "IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0 y 5.3.3.0 es vulnerabilidad a una vulnerabilidad \"zip slip\" que podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo mediante t\u00e9cnicas de salto de directorio. IBM X-Force ID: 151970."}], "id": "CVE-2018-1884", "lastModified": "2019-10-09T23:39:16.307", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2018-11-12T16:29:00.390", "references": [{"source": "psirt@us.ibm.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10737897"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105946"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151970"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}