CVE-2013-3005 — IBM Vios vulnerability

CWE-2643 documents3 sources

Severity

8.5HIGHNVD

EPSS

1.2%

top 20.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM AIX IBM Vios

Timeline

PublishedJul 6

Latest updateMay 17

Description

The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages2 packages

▶NVDibm/vios2.2.2.2

▶NVDibm/aix6.1, 7.1+1

🔴Vulnerability Details

GHSA

GHSA-jcc4-rcvw-33hq: The TFTP client in IBM AIX 6↗2022-05-17

▶

CVEList

CVE-2013-3005: The TFTP client in IBM AIX 6↗2013-07-06

▶