Privilege Escalation Vulnerability in IBM Sterling Connect:Direct for AIX
CVE-2013-2989

Currently unrated

Key Information:

Vendor: IBM
Status: Sterling Connect
Vendor: CVE Published:; 28 May 2013

Summary

The file-copying functionality in IBM Sterling Connect:Direct versions 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 is susceptible to a vulnerability that allows local users to bypass filesystem read and write permissions. This flaw stems from incorrect privilege settings, enabling authenticated users to gain unauthorized access to sensitive files and directories within the system.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IC86449

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21637561

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/84016

vdb-entryx_refsource_XF

Timeline

Vulnerability published
May 28, 2013
Vulnerability Reserved
Apr 12, 2013