Vulnerability Description
ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Aix | 7.1.1 |
Related Weaknesses (CWE)
References
- http://aix.software.ibm.com/aix/efixes/security/wparcre_advisory.ascVendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IV51420Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IV51421
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91396
- http://aix.software.ibm.com/aix/efixes/security/wparcre_advisory.ascVendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IV51420Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IV51421
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91396
FAQ
What is CVE-2014-0899?
CVE-2014-0899 is a vulnerability with a CVSS score of 6.5 (MEDIUM). ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and mo...
How severe is CVE-2014-0899?
CVE-2014-0899 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0899?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Aix.