Lucene search

[email protected]CVE-2011-1376

HistoryJan 19, 2012 - 11:55 a.m.

CVE-2011-1376

2012-01-1911:55:00

CWE-264

[email protected]

web.nvd.nist.gov

ibm

websphere

was

ibm i

security

permissions

vulnerability

nvd

cve-2011-1376

8.6 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq6.1.0.21
ibm:websphere_application_serveribm websphere application servereq6.1.0.31
ibm:websphere_application_serveribm websphere application servereq6.1
ibm:websphere_application_serveribm websphere application servereq6.1.0.19
ibm:websphere_application_serveribm websphere application servereq6.1.0.33
ibm:websphere_application_serveribm websphere application servereq6.1.0.25
ibm:websphere_application_serveribm websphere application servereq6.1.0.11
ibm:websphere_application_serveribm websphere application servereq6.1.0.41
ibm:websphere_application_serveribm websphere application servereq6.1.0.39
ibm:websphere_application_serveribm websphere application servereq6.1.0.9

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.21
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.31
ibm:websphere_application_server	ibm websphere application server	eq	6.1
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.19
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.33
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.25
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.11
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.41
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.39
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.9

Rows per page:

1-10 of 351

References

www-01.ibm.com/support/docview.wss?uid=swg21569205

www-01.ibm.com/support/docview.wss?uid=swg24031675

www.ibm.com/support/docview.wss?uid=swg1PM49712

exchange.xforce.ibmcloud.com/vulnerabilities/71230

8.6 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2011-1376

nessus4 prion1 ibm2