PT-2017-13131 · Ibm · Ibm Websphere Application Server

Publicado

2017-07-24

Atualizado

2019-10-03

CVE-2017-1382

CVSS v3.1

7.1

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 7.0 through 9.0

Description The issue allows a local attacker to potentially gain access to files with unknown impact due to the application server creating files using default permissions instead of customized permissions when custom startup scripts are used.

Recommendations For IBM WebSphere Application Server versions 7.0 through 9.0, consider modifying the custom startup scripts to ensure files are created with the intended customized permissions until a fix is available.

Correção

Incorrect Default Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-276

Identificadores relacionados

CVE-2017-1382

Produtos afetados

Ibm Websphere Application Server

PT-2017-13131 · Ibm · Ibm Websphere Application Server

CVE-2017-1382

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6