Lucene search

[email protected]CVE-2007-5819

HistoryNov 05, 2007 - 6:46 p.m.

CVE-2007-5819

2007-11-0518:46:00

CWE-264

[email protected]

web.nvd.nist.gov

ibm

tivoli

cdp

weak permissions

arbitrary file

security vulnerability

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients.

Affected configurations

NVD

Node

ibmtivoli_continuous_data_protection_for_filesMatch3.1.0

CPENameOperatorVersion
ibm:tivoli_continuous_data_protection_for_filesibm tivoli continuous data protection for fileseq3.1.0

CPE	Name	Operator	Version
ibm:tivoli_continuous_data_protection_for_files	ibm tivoli continuous data protection for files	eq	3.1.0

References

secunia.com/advisories/27473

www-1.ibm.com/support/docview.wss?uid=swg1IC54264

www.securityfocus.com/bid/26293

www.vupen.com/english/advisories/2007/3683

exchange.xforce.ibmcloud.com/vulnerabilities/38215

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-5819

nvd1 prion1 cvelist1