Vulnerability Name:

CVE-2017-1382 (CCN-127153)

Assigned:2016-11-30
Published:2017-07-20
Updated:2019-10-03
Summary:IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153.
CVSS v3 Severity:7.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
6.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): None
5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
4.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
3.6 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-276
Vulnerability Consequences:Data Manipulation
References:Source: MITRE
Type: CNA
CVE-2017-1382

Source: CCN
Type: IBM Security Bulletin 2004785 (WebSphere Application Server)
WebSphere Application Server may have insecure file permissions (CVE-2017-1382)

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22004785

Source: CCN
Type: IBM Security Bulletin 2007447 (Tivoli Netcool Configuration Manager)
WebSphere Application Server may have insecure file permissions (CVE-2017-1382) that may affect IBM Tivoli Netcool Configuration Manager (ITNCM)

Source: CCN
Type: IBM Security Bulletin 2007663 (Tivoli Storage Productivity Center)
Vulnerability in IBM WebSphere Application Server affects Tivoli Storage Productivity Center (CVE-2017-1382)

Source: CCN
Type: IBM Security Bulletin 2007774 (Emptoris Strategic Supply Management)
Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380, CVE-2017-1382)

Source: CCN
Type: IBM Security Bulletin 2010172 (WebSphere Application Server for Bluemix)
Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix

Source: CCN
Type: IBM Security Bulletin C1000355 (Cloud Orchestrator)
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2017-1382 )

Source: BID
Type: Third Party Advisory, VDB Entry
99960

Source: CCN
Type: BID-99960
IBM WebSphere Application Server CVE-2017-1382 Local Security Bypass Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1038977

Source: MISC
Type: VDB Entry, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/127153

Source: XF
Type: UNKNOWN
ibm-websphere-cve20171382-file-access(127153)

Source: CCN
Type: IBM Security Bulletin 2006929 (Content Collector)
IBM Content Collector for Email affected by vulnerability due to WebSphere Application Server having insecure permissions when custom start up scripts are used

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 7.0.0.0 and <= 7.0.0.43)
  • OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 8.0.0.0 and <= 8.0.0.13)
  • OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 8.5.0.0 and <= 8.5.5.12)
  • OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version >= 9.0.0.0 and <= 9.0.0.4)

    • Configuration CCN 1:
  • cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:tivoli_storage_productivity_center:5.1:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:content_collector:3.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_orchestrator:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_orchestrator:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_orchestrator:2.3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_orchestrator:2.4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_orchestrator:2.4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_orchestrator:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_orchestrator:2.4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_strategic_supply_management:10.0.0.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm websphere application server *
    ibm websphere application server *
    ibm websphere application server *
    ibm websphere application server *
    ibm websphere application server 7.0
    ibm websphere application server 8.0
    ibm websphere application server 8.5
    ibm websphere application server 9.0
    tivoli_storage_productivity_center 5.1 -
    ibm content collector 3.0.0.0
    ibm cloud orchestrator 2.3
    ibm cloud orchestrator 2.4
    ibm cloud orchestrator 2.3.0.1
    ibm cloud orchestrator 2.4.0.1
    ibm cloud orchestrator 2.4.0.2
    ibm cloud orchestrator 2.5
    ibm cloud orchestrator 2.4.0.3
    ibm emptoris strategic supply management 10.0.0.0