CVE-2016-0380

3.3LOW

Key Information:

Vendor: IBM
Status: Sterling Connect\
Vendor: CVE Published:; 8 August 2016

Summary

IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.

References

http://www.securityfocus.com/bid/92336

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg21988278

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IT14769

vendor-advisoryx_refsource_AIXAPAR

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2016
Vulnerability Reserved
Dec 8, 2015