PT-2015-1301 · Ibm · Ibm Security Siteprotector System

Publicado

2015-05-25

·

Atualizado

2015-05-26

·

CVE-2015-0160

CVSS v2.0

9.0

Alta

VetorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions IBM Security SiteProtector System versions 3.0 before 3.0.0.7 IBM Security SiteProtector System versions 3.1 before 3.1.0.4 IBM Security SiteProtector System versions 3.1.1 before 3.1.1.2
Description The issue is related to insufficient access control for certain functions, allowing remote authenticated users to execute arbitrary commands with SYSTEM privileges. This can be exploited by a remote authenticated user to gain elevated access.
Recommendations For IBM Security SiteProtector System versions 3.0 before 3.0.0.7, update to version 3.0.0.7 or later. For IBM Security SiteProtector System versions 3.1 before 3.1.0.4, update to version 3.1.0.4 or later. For IBM Security SiteProtector System versions 3.1.1 before 3.1.1.2, update to version 3.1.1.2 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

BDU:2015-10358
CVE-2015-0160

Produtos afetados

Ibm Security Siteprotector System