CVE-2020-4347Incorrect Permission Assignment in IBM Infosphere Information Server

CWE-732Incorrect Permission AssignmentCWE-269Improper Privilege Management3 documents3 sources
Severity
7.3HIGHNVD
EPSS
0.2%
top 62.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Infosphere Information Server
Timeline
PublishedApr 16
Latest updateMay 24

Description

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. IBM X-Force ID: 178412.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

CVEListV5ibm/infosphere_information_server11.3, 11.5, 11.7+2
NVDibm/infosphere_information_server11.3, 11.5, 11.7+2

🔴Vulnerability Details

2
GHSA
GHSA-9mm9-qw6c-8v7p: IBM InfoSphere Information Server 112022-05-24
CVEList
CVE-2020-4347: IBM InfoSphere Information Server 112020-04-16
CVE-2020-4347 — Incorrect Permission Assignment in IBM | cvebase