Insecure File Permissions in IBM Integration Bus and IBM WebSphere Message Broker
CVE-2017-1418
4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 26 November 2018
Summary
IBM Integration Bus versions 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14, as well as IBM WebSphere Message Broker versions 8.0.0.0 and 8.0.0.9, have been identified with insecure permissions on specific files. This flaw allows a local attacker the potential to modify or delete sensitive files, leading to disruptions or unauthorized access. Organizations utilizing affected versions should assess their systems for vulnerability and consider remediation steps to safeguard against possible exploitation. For more insights, you can review the security details provided by IBM's official documentation.
Affected Version(s)
Integration Bus 9.0.0.0
Integration Bus 10.0.0.14
Integration Bus 9.0.0.11
References
CVSS V3.1
Score:
4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved