CVE-2013-2989

Name of the Vulnerable Software and Affected Versions IBM Sterling Connect:Direct versions 3.8.00 through 4.1.0

Description The issue concerns the file-copying functionality, which uses incorrect privileges. This allows local users to bypass filesystem read and write permissions by authenticating to the Connect:Direct product.

Recommendations For versions 3.8.00 through 4.1.0, consider restricting access to the file-copying functionality until a fix is available. As a temporary workaround, limit the privileges assigned to the Connect:Direct product to minimize the risk of exploitation.