CyberSec.Space Logo
返回 CVE 浏览器

CVE-2014-3020

MEDIUM
6.9
CVSS Severity Score
EPSS Score0.0690%
EPSS Percentile17.47th
Published2014年7月29日
Last Modified2026年5月6日

Vulnerability Description

install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.

Affected Platforms (CPE)

📦
Ibm

Embedded Websphere Application Server

= 7.0
📦
Ibm

Tivoli Integrated Portal

= 2.1
📦
Ibm

Tivoli Integrated Portal

= 2.2

References & Advisories

🔗 http://secunia.com/advisories/59687
🔗 http://secunia.com/advisories/59795
🔗 http://secunia.com/advisories/60552
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21679952
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21680254
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21680841
🔗 http://www.securityfocus.com/bid/69034
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/93056

相关漏洞威胁

CVE-2011-13206.8

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli ...

CVE-2014-052310.0

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code...

CVE-2014-844710.0

Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code...

CVE-2014-844910.0

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to e...