Unauthorized Local Access in IBM Tivoli Workload Automation for AIX
CVE-2018-1386

7.4HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
14 March 2018

Summary

The IBM Tivoli Workload Automation for AIX contains directories with improper permissions that may allow a local user with special access to escalate their privileges to root. This vulnerability affects multiple versions of the IBM Workload Scheduler and could potentially lead to unauthorized access to sensitive system resources. Regular updates and proper permission configurations are essential to mitigate this risk.

Affected Version(s)

Workload Scheduler 8.6

Workload Scheduler 9.1

Workload Scheduler 9.2

References

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.