nvd-json-data-feeds/CVE-2017/CVE-2017-13xx/CVE-2017-1382.json

{
  "id": "CVE-2017-1382",
  "sourceIdentifier": "psirt@us.ibm.com",
  "published": "2017-07-24T21:29:00.390",
  "lastModified": "2024-11-21T03:21:49.330",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153."
    },
    {
      "lang": "es",
      "value": "IBM WebSphere Application Server versi\u00f3n 7.0,versi\u00f3n 8.0,versi\u00f3n 8.5 y versi\u00f3n 9.0 podr\u00eda crear archivos usando los permisos por defecto en lugar de los permisos personalizados cuando se usan scripts de inicio personalizados. Un atacante local podr\u00eda explotar esto para obtener acceso a archivos con un impacto desconocido. ID de IBM X-Force: 127153."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
          "baseScore": 3.6,
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "7.0.0.0",
              "versionEndIncluding": "7.0.0.43",
              "matchCriteriaId": "98101B85-FFB7-4E21-AB44-9B8BE3ED9225"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "8.0.0.0",
              "versionEndIncluding": "8.0.0.13",
              "matchCriteriaId": "5BF39DFD-2907-4395-80E1-40764882AA28"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "8.5.0.0",
              "versionEndIncluding": "8.5.5.12",
              "matchCriteriaId": "F69D245F-F757-420B-80D9-24BFF1AD8B80"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "9.0.0.0",
              "versionEndIncluding": "9.0.0.4",
              "matchCriteriaId": "B1A8416E-DB6A-4FA6-9923-4533BE43BC9D"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22004785",
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securityfocus.com/bid/99960",
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1038977",
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127153",
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22004785",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securityfocus.com/bid/99960",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1038977",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127153",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ]
    }
  ]
}