Lucene search

[email protected]CVE-2013-2989

HistoryMay 28, 2013 - 4:55 p.m.

CVE-2013-2989

2013-05-2816:55:01

CWE-264

[email protected]

web.nvd.nist.gov

ibm

sterling connect

direct

file-copying

privilege escalation

cve-2013-2989

nvd

6.8 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product.

Affected configurations

NVD

Node

ibmsterling_connectMatch3.8.00

ibmsterling_connectMatch4.0.00

ibmsterling_connectMatch4.1.0.0

CPENameOperatorVersion
ibm:sterling_connectibm sterling connecteq3.8.00
ibm:sterling_connectibm sterling connecteq4.0.00
ibm:sterling_connectibm sterling connecteq4.1.0.0

CPE	Name	Operator	Version
ibm:sterling_connect	ibm sterling connect	eq	3.8.00
ibm:sterling_connect	ibm sterling connect	eq	4.0.00
ibm:sterling_connect	ibm sterling connect	eq	4.1.0.0

References

www-01.ibm.com/support/docview.wss?uid=swg1IC86449

www-01.ibm.com/support/docview.wss?uid=swg21637561

exchange.xforce.ibmcloud.com/vulnerabilities/84016

6.8 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2013-2989

prion1 nvd1 ibm1 cvelist1