CVE-2017-1382
Last modified
CVE-2017-1382 is a vulnerability of currently unknown severity. IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. EPSS estimates a 0.37% chance of exploitation in the next 30 days.
Description
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Application Server | >= 7.0.0.0, <= 7.0.0.43 |
| Ibm | Websphere Application Server | >= 8.0.0.0, <= 8.0.0.13 |
| Ibm | Websphere Application Server | >= 8.5.0.0, <= 8.5.5.12 |
| Ibm | Websphere Application Server | >= 9.0.0.0, <= 9.0.0.4 |
References
- http://www.ibm.com/support/docview.wss?uid=swg22004785Patch, Vendor Advisory
- http://www.securityfocus.com/bid/99960Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1038977Third Party Advisory, VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/127153VDB Entry, Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=swg22004785Patch, Vendor Advisory
- http://www.securityfocus.com/bid/99960Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1038977Third Party Advisory, VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/127153VDB Entry, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-1382?
How severe is CVE-2017-1382?
How do I fix CVE-2017-1382?
Are you affected by CVE-2017-1382?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST