CVE-2014-3020

Currently unrated

Key Information:

Vendor: IBM
Status: Embedded Websphere Application Server; Tivoli Integrated Portal
Vendor: CVE Published:; 29 July 2014

Summary

install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.

References

http://secunia.com/advisories/59687

third-party-advisoryx_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=swg21680841

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21679952

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 29, 2014
Vulnerability Reserved
Apr 29, 2014