PT-2013-4083 · Ibm · Ibm Sterling Connect:Direct

Published

2013-05-28

Updated

2017-08-29

CVE-2013-2989

CVSS v2.0

6.8

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM Sterling Connect:Direct versions 3.8.00 through 4.1.0

Description The issue concerns the file-copying functionality, which uses incorrect privileges. This allows local users to bypass filesystem read and write permissions by authenticating to the Connect:Direct product.

Recommendations For versions 3.8.00 through 4.1.0, consider restricting access to the file-copying functionality until a fix is available. As a temporary workaround, limit the privileges assigned to the Connect:Direct product to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2013-2989

Affected Products

Ibm Sterling Connect:Direct

PT-2013-4083 · Ibm · Ibm Sterling Connect:Direct

CVE-2013-2989

Weakness Enumeration

Related Identifiers

Affected Products

References · 4