CVE-2015-1947

7.4HIGH

Key Information:

Vendor: IBM
Status: Infosphere Biginsights
Vendor: CVE Published:; 31 December 2015

Summary

Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program.

References

http://www.securitytracker.com/id/1034562

vdb-entryx_refsource_SECTRACK

http://www.securitytracker.com/id/1034537

vdb-entryx_refsource_SECTRACK

http://www-304.ibm.com/support/docview.wss?uid=swg21970376

x_refsource_CONFIRM

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 31, 2015
Vulnerability Reserved
Feb 19, 2015