6.9
CVE-2014-3020
- EPSS 0.32%
- Veröffentlicht 29.07.2014 20:55:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Embedded Websphere Application Server Version7.0
Ibm ≫ Tivoli Integrated Portal Version2.1
Ibm ≫ Tivoli Integrated Portal Version2.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.234 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
http://secunia.com/advisories/59687
http://secunia.com/advisories/59795
http://secunia.com/advisories/60552
http://www-01.ibm.com/support/docview.wss?uid=swg21679952
http://www-01.ibm.com/support/docview.wss?uid=swg21680254
http://www-01.ibm.com/support/docview.wss?uid=swg21680841
http://www.securityfocus.com/bid/69034
https://exchange.xforce.ibmcloud.com/vulnerabilities/93056