CVE-2014-3020

Severity

69%

Complexity

34%

Confidentiality

165%

install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.

install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.

CVSS 2.0 Base Score 6.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

IBM

First reported 10 years ago

2014-07-29 20:55:00

Last updated 7 years ago

2017-08-29 01:34:00

Affected Software

IBM Embedded WebSphere Application Server (eWAS) 7.0

7.0

IBM Tivoli Integrated Portal (TIP) 2.1

2.1

IBM Tivoli Integrated Portal (TIP) 2.2

2.2

References

59687

59795

60552

69034

http://www-01.ibm.com/support/docview.wss?uid=swg21679952

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21680254

http://www-01.ibm.com/support/docview.wss?uid=swg21680841

ibm-tip-ewas-cve20143020-install(93056)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.