Vulnerability Description
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Embedded WebSphere Application Server | 7.0 |
| IBM | Tivoli Integrated Portal | 2.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/59687
- http://secunia.com/advisories/59795
- http://secunia.com/advisories/60552
- http://www-01.ibm.com/support/docview.wss?uid=swg21679952 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21680254
- http://www-01.ibm.com/support/docview.wss?uid=swg21680841
- http://www.securityfocus.com/bid/69034
- https://exchange.xforce.ibmcloud.com/vulnerabilities/93056
FAQ
What is CVE-2014-3020?
CVE-2014-3020 is a vulnerability with a CVSS score of 6.9 (MEDIUM). install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, whi...
How severe is CVE-2014-3020?
CVE-2014-3020 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-3020?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Embedded WebSphere Application Server, IBM Tivoli Integrated Portal.