CVE-2017-1382Incorrect Default Permissions in IBM Websphere Application Server

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.0%
top 88.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedJul 24
Latest updateMay 13

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

NVDibm/websphere_application_server7.0.0.07.0.0.43+3
CVEListV5ibm/websphere_application_server4 versions+3

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-jq5v-whhp-4f84: IBM WebSphere Application Server 72022-05-13
CVEList
CVE-2017-1382: IBM WebSphere Application Server 72017-07-24
CVE-2017-1382 — Incorrect Default Permissions in IBM | cvebase