CVE-2013-6720

N/A Unknown
Published: March 06, 2014 Modified: May 06, 2026
View on NVD

Description

Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://www.exploit-db.com/exploits/32546
Source: psirt@us.ibm.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/89229
Source: psirt@us.ibm.com
https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7a
Source: psirt@us.ibm.com
Vendor Advisory
http://www.exploit-db.com/exploits/32546
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/89229
Source: af854a3a-2127-422b-91ae-364da2661108
https://tealeaf.support.ibmcloud.com/FileManagement/Download/19eb90ffb8334b398684b4350edc4b7a
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

6 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
4.1%
89th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22

Affected Vendors

ibm

Related CVEs

CVE-2026-8686 7.5
CVE-2026-4054 4.3
CVE-2026-4053 3.1
CVE-2026-46408 7.6
CVE-2026-46407 8.1