Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM6DE62AB4E4A06E80B147B304448ED2BEE3D429ABCB1566098FBE0EFD45552F84
HistoryJun 16, 2018 - 1:06 p.m.

Security Bulletin: Elevation of privileges with version 7 of Embedded WAS affects Identity Insight (CVE-2014-3020)

2018-06-1613:06:48
www.ibm.com
9

0.0004 Low

EPSS

Percentile

5.1%

JSON

Summary

eWAS 7.0 install script used by Identity Insight installer may allow elevation of privileges on UNIX platforms

Vulnerability Details

CVE ID:CVE-2014-3020

**DESCRIPTION:**IBM embedded WebSphere Application Server contains a privilege escalation. During an install a local user inadvertently give their write privileges to other users.

CVSS:
CVSS Base Score: 1.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93056&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

InfoSphere Identity Insight v8.1 and 8.0 – UNIX platforms.

Remediation/Fixes

Product

| VRMF|APAR|Remediation/First Fix
—|—|—|—
Infosphere Identity Insight| 8.1.0|
| Support flash with instructions
Infosphere Identity Insight| 8.0.0|
| Support flash with instructions

Workarounds and Mitigations

None known.

Related

prion 1
cve 1
nvd 1
cvelist 1
ibm 1
prion
prion
Directory traversal
2014-07-29 20:55:00
cve
cve
CVE-2014-3020
2014-07-29 20:55:08
nvd
nvd
CVE-2014-3020
2014-07-29 20:55:08
cvelist
cvelist
CVE-2014-3020
2014-07-29 20:00:00
ibm
ibm
Security Bulletin: Elevation of privileges vulnerability in Embedded WAS used with Directory Server (CVE-2014-3020)
2018-06-16 21:18:39

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for 6DE62AB4E4A06E80B147B304448ED2BEE3D429ABCB1566098FBE0EFD45552F84
prion1cve1nvd1cvelist1ibm1