Lucene search

IbmCVE-2012-5938

HistoryMar 20, 2013 - 2:55 p.m.

CVE-2012-5938

2013-03-2014:55:04

CWE-264

ibm

web.nvd.nist.gov

ibm

infosphere

information server

8.1

8.5

8.7

9.1

unix

linux

installation process

permissions

ownerships

filesystem operations

cve-2012-5938

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

Percentile

5.1%

JSON

The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations.

Affected configurations

Nvd

Node

ibminfosphere_information_serverMatch8.1

ibminfosphere_information_serverMatch8.5

ibminfosphere_information_serverMatch8.7

ibminfosphere_information_serverMatch9.1

AND

conectivalinux

novellunixware

VendorProductVersionCPE
ibminfosphere_information_server8.1cpe:2.3:a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:*
ibminfosphere_information_server8.5cpe:2.3:a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*
ibminfosphere_information_server8.7cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*
ibminfosphere_information_server9.1cpe:2.3:a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*
conectivalinux*cpe:2.3:o:conectiva:linux:*:*:*:*:*:*:*:*
novellunixware*cpe:2.3:o:novell:unixware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	infosphere_information_server	8.1	cpe:2.3:a:ibm:infosphere_information_server:8.1:::::::*
ibm	infosphere_information_server	8.5	cpe:2.3:a:ibm:infosphere_information_server:8.5:::::::*
ibm	infosphere_information_server	8.7	cpe:2.3:a:ibm:infosphere_information_server:8.7:::::::*
ibm	infosphere_information_server	9.1	cpe:2.3:a:ibm:infosphere_information_server:9.1:::::::*
conectiva	linux	*	cpe:2.3:o:conectiva:linux::::::::
novell	unixware	*	cpe:2.3:o:novell:unixware::::::::

References

www.ibm.com/support/docview.wss?uid=swg21628844

exchange.xforce.ibmcloud.com/vulnerabilities/80493

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2012-5938