The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:52
Type | Values Removed | Values Added |
---|---|---|
References | () http://www-01.ibm.com/support/docview.wss?uid=swg1IC86449 - | |
References | () http://www-01.ibm.com/support/docview.wss?uid=swg21637561 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/84016 - |
Information
Published : 2013-05-28 16:55
Updated : 2024-11-21 01:52
NVD link : CVE-2013-2989
Mitre link : CVE-2013-2989
CVE.ORG link : CVE-2013-2989
JSON object : View
Products Affected
ibm
- sterling_connect
CWE
CWE-264
Permissions, Privileges, and Access Controls