Vulnerabilities > CVE-2005-1238 - Remote Security vulnerability in Iseries As 400
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | 1 |