IBM Lotus Protector for Mail Encryption Local File Include Vulnerability

IBM Lotus Protector for Mail Encryption is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to obtain potentially sensitive information and execute arbitrary local scripts. This could allow the attacker to compromise the application and the computer; other attacks are also possible.

IBM Lotus Protector for Mail Encryption 2.1.0.1 Build(88.3.0.1.4323) is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 97373
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Apr 04 2017 12:00AM
Credit: Patrick Webster
Vulnerable: IBM Lotus Protector for Mail Encryption 2.1.0.1 Build(88.3.0

Not Vulnerable:

Exploit

The following exploit is available:

/data/vulnerabilities/exploits/97373.rb

References:

IBM Homepage (IBM)
Lotus Protector for Mail Security remote code execution (osisecurity.com.au)

Source: www.securityfocus.com

Exploit Collector

Search Exploit