CVE-2014-3020
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
5.1%
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | tivoli_integrated_portal | 2.2 | cpe:/a:ibm:tivoli_integrated_portal:2.2::: |
| ibm | embedded_websphere_application_server | 7.0 | cpe:/a:ibm:embedded_websphere_application_server:7.0::: |
| ibm | tivoli_integrated_portal | 2.1 | cpe:/a:ibm:tivoli_integrated_portal:2.1::: |
References
secunia.com/advisories/59687
secunia.com/advisories/59795
secunia.com/advisories/60552
www-01.ibm.com/support/docview.wss?uid=swg21679952
www-01.ibm.com/support/docview.wss?uid=swg21680254
www-01.ibm.com/support/docview.wss?uid=swg21680841
www.securityfocus.com/bid/69034
exchange.xforce.ibmcloud.com/vulnerabilities/93056
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
5.1%