Weak Permissions in IBM Tivoli Continuous Data Protection for Files Allows Local File Manipulation
CVE-2007-5819

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Continuous Data Protection For Files
Vendor: CVE Published:; 5 November 2007

Summary

The IBM Tivoli Continuous Data Protection for Files version 3.1.0 has been identified to use inadequate permissions for its Central Admin Global download directory. This flaw allows local users to write arbitrary files into this directory, which could be exploited to manipulate the CDP client update process. This vulnerability underscores the importance of proper permission settings in software applications to prevent unauthorized file access and ensure data integrity.

References

http://www.vupen.com/english/advisories/2007/3683

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/38215

vdb-entryx_refsource_XF

http://secunia.com/advisories/27473

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Nov 5, 2007
Vulnerability Reserved
Nov 5, 2007