Design/Logic Flaw

2007-11-0518:46:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients.

CPENameOperatorVersion
tivoli_continuous_data_protection_for_fileseq3.1.0

CPE	Name	Operator	Version
	tivoli_continuous_data_protection_for_files	eq	3.1.0

References

secunia.com/advisories/27473

www-1.ibm.com/support/docview.wss?uid=swg1IC54264

www.securityfocus.com/bid/26293

www.vupen.com/english/advisories/2007/3683

exchange.xforce.ibmcloud.com/vulnerabilities/38215