IBM37249F2CB82266F83D2BD38F77D3F4E383A6FFF8A62E52B41EAAE04D0CE04DA4Security Bulletin: Apache Commons FileUpload vulnerability affects IBM Tivoli Business Service Manager (CVE-2013-0248)
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.7%
Summary
Apache Commons FileUpload is shipped as part of IBM Tivoli Business Manager 6.2.0. Information about security vulnerabilities affecting Apache Commons FileUpload has been published in a security bulletin.
Vulnerability Details
CVEID:CVE-2013-0248
**DESCRIPTION:**Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/82618 for the current score.
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Tivoli Business Service Manager | 6.2.0 |
Remediation/Fixes
| Product | VRMF | APAR | Remediation |
|---|---|---|---|
| IBM Tivoli Business Service Manager 6.2.0 | 6.2.0.3 IF | IJ32982 | Upgrade to Upgrade to IBM Tivoli Business Service Manager 6.2.0.3 IF2 |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| tivoli business service manager | eq | 6.2.0 |
Related
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.7%