Untrusted Search Path Vulnerability in IBM InfoSphere BigInsights
CVE-2015-1947

7.4HIGH

Key Information:

Vendor
IBM
Status
Infosphere Biginsights
Vendor
CVE Published:
31 December 2015

Summary

An untrusted search path vulnerability exists in IBM InfoSphere BigInsights when utilizing a DB2 database, allowing local users to exploit a Trojan horse library. This vulnerability can enable an attacker to gain elevated privileges via a setuid or setgid program, undermining system security and potentially leading to unauthorized access.

References

http://www.securitytracker.com/id/1034562
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1034537
vdb-entryx_refsource_SECTRACK
http://www-304.ibm.com/support/docview.wss?uid=swg21970376
x_refsource_CONFIRM

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.