Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1376

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2011-1376
Last Modified 19 Jan 2012 12:00:00
Published 19 Jan 2012 06:55:10
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-1376

Summary

iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.

Vulnerable Systems

Application

  • Ibm Websphere Application Server 6.1

  • Ibm Websphere Application Server 6.1.0.1

  • Ibm Websphere Application Server 6.1.0.11

  • Ibm Websphere Application Server 6.1.0.13

  • Ibm Websphere Application Server 6.1.0.15

  • Ibm Websphere Application Server 6.1.0.17

  • Ibm Websphere Application Server 6.1.0.19

  • Ibm Websphere Application Server 6.1.0.21

  • Ibm Websphere Application Server 6.1.0.23

  • Ibm Websphere Application Server 6.1.0.25

  • Ibm Websphere Application Server 6.1.0.27

  • Ibm Websphere Application Server 6.1.0.29

  • Ibm Websphere Application Server 6.1.0.3

  • Ibm Websphere Application Server 6.1.0.31

  • Ibm Websphere Application Server 6.1.0.33

  • Ibm Websphere Application Server 6.1.0.35

  • Ibm Websphere Application Server 6.1.0.37

  • Ibm Websphere Application Server 6.1.0.39

  • Ibm Websphere Application Server 6.1.0.41

  • Ibm Websphere Application Server 6.1.0.5

  • Ibm Websphere Application Server 6.1.0.7

  • Ibm Websphere Application Server 6.1.0.9

  • Ibm Websphere Application Server 7.0

  • Ibm Websphere Application Server 7.0.0.1

  • Ibm Websphere Application Server 7.0.0.11

  • Ibm Websphere Application Server 7.0.0.13

  • Ibm Websphere Application Server 7.0.0.15

  • Ibm Websphere Application Server 7.0.0.17

  • Ibm Websphere Application Server 7.0.0.19

  • Ibm Websphere Application Server 7.0.0.3

  • Ibm Websphere Application Server 7.0.0.5

  • Ibm Websphere Application Server 7.0.0.7

  • Ibm Websphere Application Server 7.0.0.9

  • Ibm Websphere Application Server 8.0

  • Ibm Websphere Application Server 8.0.0.1


References

XF - was-iscdeploy-insecure-permissions(71230)

AIXAPAR - PM49712

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg24031675

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21569205


Last Updated: 27 May 2016 10:57:22