CVE-2013-2989

The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:sterling_connect:3.8.00:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_connect:4.0.00:*:*:*:*:*:*:*
cpe:2.3:a:ibm:sterling_connect:4.1.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:52

Type Values Removed Values Added
References () http://www-01.ibm.com/support/docview.wss?uid=swg1IC86449 - () http://www-01.ibm.com/support/docview.wss?uid=swg1IC86449 -
References () http://www-01.ibm.com/support/docview.wss?uid=swg21637561 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21637561 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/84016 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/84016 -

Information

Published : 2013-05-28 16:55

Updated : 2024-11-21 01:52


NVD link : CVE-2013-2989

Mitre link : CVE-2013-2989

CVE.ORG link : CVE-2013-2989


JSON object : View

Products Affected

ibm

  • sterling_connect
CWE
CWE-264

Permissions, Privileges, and Access Controls