| Vulnerability Name: | CVE-2012-5938 (CCN-80493) | ||||||||
| Assigned: | 2012-11-21 | ||||||||
| Published: | 2013-03-15 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: MITRE Type: CNA CVE-2012-5938 Source: CCN Type: SA52709 IBM InfoSphere Information Server Insecure File Permissions Security Issue Source: CCN Type: IBM Security Bulletin 1628844 Privilege escalation attacks possible due to improper file ownership/permissions in IBM InfoSphere Information Server (CVE-2012-5938) Source: CONFIRM Type: UNKNOWN http://www.ibm.com/support/docview.wss?uid=swg21628844 Source: CCN Type: BID-58544 IBM InfoSphere Information Server CVE-2012-5938 Insecure File Permissions Vulnerability Source: XF Type: UNKNOWN infosphere-file-priv-esc(80493) Source: XF Type: UNKNOWN infosphere-file-priv-esc(80493) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||