NVD

Id
31297  
Name
CVE-2014-3020  
Description
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.  
Reject
 
CVSS Version
2  
CVSS Score
6.9  
Severity
Medium  
CVSS Base Score
6.9  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.4  
CVSS Vector
(AV:L/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-07-18  
Published
2014-07-29  
Modified Date
2017-07-17  
Seq
2014-3020  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
163931 31297 CVE-2014-3020 59687  View
163932 31297 CVE-2014-3020 59795  View
163933 31297 CVE-2014-3020 60552  View
163934 31297 CVE-2014-3020 http://www-01.ibm.com/support/docview.wss?uid=swg21679952  View
163935 31297 CVE-2014-3020 http://www-01.ibm.com/support/docview.wss?uid=swg21680841  View
163936 31297 CVE-2014-3020 69034  View
163937 31297 CVE-2014-3020 ibm-tip-ewas-cve20143020-install(93056)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
14764 JVNDB-2014-003639 IBM Tivoli Integrated Portal の Embedded WebSphere Application Server の install.sh における権限を取得される脆弱性 IBM Tivoli Integrated Portal (TIP) の Embedded WebSphere Application Server (eWAS) の install.sh は、installRoot ディレクトリのツリーに誰でも読み取り可能な権限 (world-readable permission) を設定するため、権限を取得される脆弱性が存在します。 CVE-2014-3020 70307 CVE-2014-3020 31297 6.9 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003639.html 2014-07-24 2014-08-01 View