CVE-2011-1376 — IBM Websphere Application Server vulnerability

CWE-2643 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 86.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedJan 19

Latest updateMay 17

Description

iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/websphere_application_server35 versions+34

🔴Vulnerability Details

GHSA

GHSA-wwg9-gfq6-f7h3: iscdeploy in IBM WebSphere Application Server (WAS) 6↗2022-05-17

▶

CVEList

CVE-2011-1376: iscdeploy in IBM WebSphere Application Server (WAS) 6↗2012-01-19

▶