CyberSec.Space Logo
Back to CVE Browser

CVE-2014-3020

MEDIUM
6.9
CVSS Severity Score
EPSS Score0.0690%
EPSS Percentile17.47th
PublishedJul 29, 2014
Last ModifiedMay 6, 2026

Vulnerability Description

install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.

Affected Platforms (CPE)

πŸ“¦
Ibm

Embedded Websphere Application Server

= 7.0
πŸ“¦
Ibm

Tivoli Integrated Portal

= 2.1
πŸ“¦
Ibm

Tivoli Integrated Portal

= 2.2

References & Advisories

πŸ”— http://secunia.com/advisories/59687
πŸ”— http://secunia.com/advisories/59795
πŸ”— http://secunia.com/advisories/60552
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21679952
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21680254
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21680841
πŸ”— http://www.securityfocus.com/bid/69034
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/93056

Related Vulnerabilities

CVE-2011-13206.8

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli ...

CVE-2014-832910.0

Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient ac...

CVE-2014-382810.0

Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow re...

CVE-2014-382910.0

displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attacker...