World-Writable Permissions in IBM Tivoli Integrated Portal Affecting eWAS
CVE-2014-3020

Currently unrated

Key Information:

Vendor

IBM
Status
Embedded Websphere Application Server
Tivoli Integrated Portal
Vendor
CVE Published:
29 July 2014

What is CVE-2014-3020?

The install.sh script used in the Embedded WebSphere Application Server (eWAS) versions prior to FP33 for IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 is improperly configured with world-writable permissions for the installRoot directory tree. This misconfiguration can lead to significant security risks, as it enables local users to exploit this vulnerability through the execution of a Trojan horse program, potentially gaining unauthorized privileges within the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/59687
third-party-advisoryx_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21680841
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21679952
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.