PT-2017-13131 · Ibm · Ibm Websphere Application Server

Published

2017-07-24

Updated

2019-10-03

CVE-2017-1382

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 7.0 through 9.0

Description The issue allows a local attacker to potentially gain access to files with unknown impact due to the application server creating files using default permissions instead of customized permissions when custom startup scripts are used.

Recommendations For IBM WebSphere Application Server versions 7.0 through 9.0, consider modifying the custom startup scripts to ensure files are created with the intended customized permissions until a fix is available.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2017-1382

Affected Products

Ibm Websphere Application Server

PT-2017-13131 · Ibm · Ibm Websphere Application Server

CVE-2017-1382

Weakness Enumeration

Related Identifiers

Affected Products

References · 6