Skip to main content

Entirex CVE-2024-54169

MEDIUM
Path Traversal (CWE-22)
2025-02-27 psirt@us.ibm.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:28 vuln.today
CVE Published
Feb 27, 2025 - 15:15 nvd
MEDIUM 6.5

DescriptionCVE.org

IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

AnalysisAI

IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. Affected products include: Ibm Entirex.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2024-54171 HIGH
7.1 Feb 06

IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high sev

CVE-2025-0158 MEDIUM
5.5 Feb 06

IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation. Ra

CVE-2024-54170 MEDIUM
5.5 Feb 27

IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an ineffi

CVE-2024-56812 LOW
3.3 Feb 27

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is ret

CVE-2024-56811 LOW
3.3 Feb 27

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is ret

CVE-2024-56810 LOW
3.3 Feb 27

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is ret

CVE-2024-56496 LOW
3.3 Feb 27

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is ret

CVE-2024-56495 LOW
3.3 Feb 27

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is ret

CVE-2024-56494 LOW
3.3 Feb 27

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is ret

CVE-2024-56493 LOW
3.3 Feb 27

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is ret

CVE-2025-0759 LOW
3.3 Feb 27

IBM EntireX 11.1 could allow a local user to unintentionally modify data timestamp integrity due to improper shared reso

CVE-2024-56467 LOW
3.3 Feb 06

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is ret

Share

CVE-2024-54169 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy