|
Description: | | Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request. |
|
Impact: | | An attacker can take advantage of the vulnerability to bypass the security policy implemented by the software administrator, and perform unauthorized actions to the target system. |
|
Affected OS: | | Windows |
|
Reference: | | SecurityFocusBID:52023 SecurityTrackerID:1026693
|
|