CVE-2013-2989

Currently unrated

Key Information:

Vendor: IBM
Status: Sterling Connect
Vendor: CVE Published:; 28 May 2013

Summary

The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IC86449

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21637561

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/84016

vdb-entryx_refsource_XF

Timeline

Vulnerability published
May 28, 2013
Vulnerability Reserved
Apr 12, 2013