Lucene search

[email protected]CVE-2016-0394

HistoryFeb 01, 2017 - 8:59 p.m.

CVE-2016-0394

2017-02-0120:59:00

CWE-275

[email protected]

web.nvd.nist.gov

ibm

integration bus

websphere

message broker

permissions

object

local attacker

files

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

3.9 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.

Affected configurations

Vulners

NVD

Node

ibm_corporationintegration_busMatch9.0.0.0

ibm_corporationintegration_busMatch9.0

ibm_corporationintegration_busMatch10

ibm_corporationintegration_busMatch10.0

ibm_corporationintegration_busMatch9

CPENameOperatorVersion
ibm:integration_busibm integration buseq9.0
ibm:integration_busibm integration buseq9.0.0.1
ibm:integration_busibm integration buseq9.0.0.2
ibm:integration_busibm integration buseq10.0
ibm:websphere_message_brokeribm websphere message brokereq8.0
ibm:websphere_message_brokeribm websphere message brokereq8.0.0.1
ibm:websphere_message_brokeribm websphere message brokereq8.0.0.2
ibm:websphere_message_brokeribm websphere message brokereq8.0.0.3
ibm:websphere_message_brokeribm websphere message brokereq8.0.0.4
ibm:websphere_message_brokeribm websphere message brokereq8.0.0.5

CPE	Name	Operator	Version
ibm:integration_bus	ibm integration bus	eq	9.0
ibm:integration_bus	ibm integration bus	eq	9.0.0.1
ibm:integration_bus	ibm integration bus	eq	9.0.0.2
ibm:integration_bus	ibm integration bus	eq	10.0
ibm:websphere_message_broker	ibm websphere message broker	eq	8.0
ibm:websphere_message_broker	ibm websphere message broker	eq	8.0.0.1
ibm:websphere_message_broker	ibm websphere message broker	eq	8.0.0.2
ibm:websphere_message_broker	ibm websphere message broker	eq	8.0.0.3
ibm:websphere_message_broker	ibm websphere message broker	eq	8.0.0.4
ibm:websphere_message_broker	ibm websphere message broker	eq	8.0.0.5

CNA Affected

[
  {
    "product": "Integration Bus",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "9.0.0.0"
      },
      {
        "status": "affected",
        "version": "9.0"
      },
      {
        "status": "affected",
        "version": "10"
      },
      {
        "status": "affected",
        "version": "10.0"
      },
      {
        "status": "affected",
        "version": "9"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=swg21985013

www.securityfocus.com/bid/94577

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

3.9 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2016-0394

prion1 ibm1 cvelist1 nvd1