CVE-2012-1196
Summary
| CVE | CVE-2012-1196 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2012-02-18 00:55:00 UTC |
|---|
| Updated | 2017-08-29 01:31:00 UTC |
|---|
| Description | Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| IBM X-Force Exchange |
XF |
exchange.xforce.ibmcloud.com |
|
| Lenovo ThinkManagement Console Multiple Security Bypass Vulnerabilities |
BID |
www.securityfocus.com |
|
| 79277 |
OSVDB |
osvdb.org |
|
| Security Advisory SA47666 - Lenovo ThinkManagement Console Web Services Two Vulnerabilities - Secunia |
SECUNIA |
secunia.com |
Vendor Advisory |
| Lenovo ThinkManagement Console SOAP Interface Lets Remote Users Upload and Delete Files and Execute Arbitrary Code - SecurityTracker |
SECTRACK |
www.securitytracker.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|
| LANDESK | 2012-05-08 | | LANDesk is aware of and has resolved this issue. For tracking purposes within LANDesk this vulnerability was given defect number 30320. This issue was resolved in the LD90-SP3-CP_BASE-2012-0412 component patch, available here: http://community.landesk.com/downloads/patch/component/LD90-SP3-CP_BASE-2012-0412a.exe . For details around other fixes contained in the component patch please refer to http://community.landesk.com/support/docs/DOC-24787 |
There are currently no legacy QID mappings associated with this CVE.
