Vulnerability Description
The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Sterling Connect | 3.8.00 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC86449
- http://www-01.ibm.com/support/docview.wss?uid=swg21637561Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84016
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC86449
- http://www-01.ibm.com/support/docview.wss?uid=swg21637561Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84016
FAQ
What is CVE-2013-2989?
CVE-2013-2989 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read pe...
How severe is CVE-2013-2989?
CVE-2013-2989 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2989?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Sterling Connect.