Описание
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.2.0.18 (включая)Версия до 7.1 (включая)
Одновременно
Одно из
cpe:2.3:a:ibm:invscout.rte:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:invscout.rte:2.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:invscout.rte:2.2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:invscout.rte:2.2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:invscout.rte:2.2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:invscout.rte:2.2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:invscout.rte:2.2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:invscout.rte:2.2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:invscout.rte:2.2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:ibm:invscout.rte:2.2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:ibm:invscout.rte:2.2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:ibm:invscout.rte:2.2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:ibm:invscout.rte:2.2.0.17:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
EPSS
Процентиль: 6%
0.00024
Низкий
4 Medium
CVSS2
Дефекты
CWE-59
Связанные уязвимости
github
больше 3 лет назад
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.
EPSS
Процентиль: 6%
0.00024
Низкий
4 Medium
CVSS2
Дефекты
CWE-59