Description
IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, 1.0.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Published: 2026-05-27
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

IBM InfoSphere Optim Test Data Fabrication versions 1.0.0 through 1.0.2.7 contain a path traversal flaw (CWE-22) that allows a remote attacker to request files outside the intended directory. The vulnerability arises when the application processes URL paths with '..' segments, enabling the attacker to read arbitrary files present on the host. This can compromise the confidentiality of sensitive data such as configuration or log files, and may be leveraged for further exploitation.

Affected Systems

All affected releases are listed by IBM: InfoSphere Optim Test Data Fabrication versions 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, and 1.0.2.7. These are the only versions flagged for this flaw and must be reviewed by administrators.

Risk and Exploitability

The CVSS score is 7.5, indicating high severity. No exploit probability score is currently available, and the vulnerability is not listed in the CISA KEV catalog. The attacker can trigger the flaw simply by sending a special URL containing '/../' sequences to the application, which is reachable over the network. Because the path traversal is not mitigated by input sanitization, the risk of arbitrary file disclosure remains substantial.

Generated by OpenCVE AI on May 27, 2026 at 16:17 UTC.

Remediation

Vendor Solution

N/A


Vendor Workaround

Workarounds are available. Contact TechSupport for instructions and resolution.


OpenCVE Recommended Actions

  • Apply the vendor‑provided workaround by contacting IBM TechSupport for specific instructions.
  • Restrict access to the Test Data Fabrication service so that only trusted users and networks can reach it.
  • Continuously monitor web server logs for suspicious directory traversal attempts.
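
One way to implement the log-monitoring action above, as an added example that is not part of the OpenCVE record or IBM's guidance. It assumes Common/Combined Log Format access logs; the sample lines, client addresses and paths are constructed for illustration and are not the product's real paths.

```python
import re
from urllib.parse import unquote

# Assumed log layout: Common/Combined Log Format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
# A ".." that forms a whole path segment (or a whole parameter value prefix).
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=&?])\.\.(?:[/\\]|$)')
MAX_DECODE_ROUNDS = 3  # bounded loop that still catches double/triple encoding


def fully_decode(target: str) -> str:
    """Percent-decode repeatedly until the string stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def scan(lines):
    """Return one record per request whose decoded target has a '..' segment."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log entry in the assumed format
        client, method, target, status = m.groups()
        if TRAVERSAL_RE.search(fully_decode(target)):
            hits.append({
                "client": client,
                "method": method,
                "target": target,
                "status": int(status),
                # A 2xx answer means content was returned: triage these first.
                "served": status.startswith("2"),
            })
    return hits


# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/May/2026:10:00:01 +0000] "GET /app/reports/summary.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [27/May/2026:10:00:05 +0000] "GET /app/files/../../conf/server.xml HTTP/1.1" 200 2048',
    '198.51.100.7 - - [27/May/2026:10:00:06 +0000] "GET /app/files/%2e%2e%2f%2e%2e%2fconf HTTP/1.1" 404 0',
    '198.51.100.7 - - [27/May/2026:10:00:07 +0000] "GET /app/files/%252e%252e/logs HTTP/1.1" 400 0',
    '192.0.2.10 - - [27/May/2026:10:00:09 +0000] "GET /app/docs/v1..2/notes.txt HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Requests flagged with `served` set to true are the ones to investigate first, since the server answered a traversal-shaped request with content.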



Advisories

No advisories yet.

History

Wed, 27 May 2026 17:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 27 May 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, 1.0.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system |
| Title | | InfoSphere Optim Test Data Fabrication is affected by Arbitrary File Read |
| First Time appeared | | Ibm; Ibm infosphere Optim Test Data Fabrication |
| Weaknesses | | CWE-22 |
| CPEs | | cpe:2.3:a:ibm:infosphere_optim_test_data_fabrication:1.0.0:*:*:*:*:*:*:* |
| Vendors & Products | | Ibm; Ibm infosphere Optim Test Data Fabrication |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-05-27T15:29:01.263Z

Reserved: 2026-02-27T20:51:53.492Z

Link: CVE-2026-3366

Vulnrichment

Updated: 2026-05-27T15:28:57.003Z

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:16:46.737

Modified: 2026-05-27T14:53:51.833

Link: CVE-2026-3366

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T16:30:36Z

Weaknesses