Описание
IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.
Ссылки
- PatchVendor Advisory
- MitigationPatchVendor Advisory
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- MitigationPatchVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:sterling_connect\:direct:4.1.0.0:*:*:*:*:unix:*:*
cpe:2.3:a:ibm:sterling_connect\:direct:4.1.0.1:*:*:*:*:unix:*:*
cpe:2.3:a:ibm:sterling_connect\:direct:4.1.0.2:*:*:*:*:unix:*:*
cpe:2.3:a:ibm:sterling_connect\:direct:4.1.0.3:*:*:*:*:unix:*:*
cpe:2.3:a:ibm:sterling_connect\:direct:4.1.0.4:*:*:*:*:unix:*:*
cpe:2.3:a:ibm:sterling_connect\:direct:4.2.0.0:*:*:*:*:unix:*:*
cpe:2.3:a:ibm:sterling_connect\:direct:4.2.0.1:*:*:*:*:unix:*:*
cpe:2.3:a:ibm:sterling_connect\:direct:4.2.0.2:*:*:*:*:unix:*:*
cpe:2.3:a:ibm:sterling_connect\:direct:4.2.0.3:*:*:*:*:unix:*:*
cpe:2.3:a:ibm:sterling_connect\:direct:4.2.0.4:*:*:*:*:unix:*:*
EPSS
Процентиль: 12%
0.00041
Низкий
3.3 Low
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-264
Связанные уязвимости
CVSS3: 3.3
github
больше 3 лет назад
IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.
EPSS
Процентиль: 12%
0.00041
Низкий
3.3 Low
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-264