CVE-2016-0394 — LOW (3.3) — White Hats Nepal

Vulnerability Description

IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.

CVSS Score

3.3

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Integration Bus	9.0
Ibm	Websphere Message Broker	8.0

Related Weaknesses (CWE)

CWE-275

References

http://www.ibm.com/support/docview.wss?uid=swg21985013PatchVendor Advisory
http://www.securityfocus.com/bid/94577Technical DescriptionVDB Entry
http://www.ibm.com/support/docview.wss?uid=swg21985013PatchVendor Advisory
http://www.securityfocus.com/bid/94577Technical DescriptionVDB Entry

FAQ

What is CVE-2016-0394?

CVE-2016-0394 is a vulnerability with a CVSS score of 3.3 (LOW). IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files.

How severe is CVE-2016-0394?

CVE-2016-0394 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-0394?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Integration Bus, Ibm Websphere Message Broker.