Insecure File Permissions in IBM Integration Bus and IBM WebSphere Message Broker
CVE-2017-1418

4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
26 November 2018

Summary

IBM Integration Bus versions 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14, as well as IBM WebSphere Message Broker versions 8.0.0.0 and 8.0.0.9, have been identified with insecure permissions on specific files. This flaw allows a local attacker the potential to modify or delete sensitive files, leading to disruptions or unauthorized access. Organizations utilizing affected versions should assess their systems for vulnerability and consider remediation steps to safeguard against possible exploitation. For more insights, you can review the security details provided by IBM's official documentation.

Affected Version(s)

Integration Bus 9.0.0.0

Integration Bus 10.0.0.14

Integration Bus 9.0.0.11

References

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.