PT-2016-4174 · Ibm · Ibm Sterling Connect:Direct

Published

2016-08-08

Updated

2020-06-25

CVE-2016-0380

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Sterling Connect:Direct for Unix versions 4.1.0 through 4.1.0.4 iFix072 and versions 4.2.0 through 4.2.0.4 iFix002

Description The issue allows local users to obtain sensitive information via standard filesystem operations due to the use of default file permissions of 0664.

Recommendations For versions 4.1.0 through 4.1.0.4 iFix072, update to version 4.1.0.4 iFix073 or later. For versions 4.2.0 through 4.2.0.4 iFix002, update to version 4.2.0.4 iFix003 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2016-0380

Affected Products

Ibm Sterling Connect:Direct

PT-2016-4174 · Ibm · Ibm Sterling Connect:Direct

CVE-2016-0380

Weakness Enumeration

Related Identifiers

Affected Products

References · 5