First published: Thu Jan 19 2012
iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.21 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.31 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.19 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.33 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.25 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.11 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.41 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.39 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.9 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.1 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.27 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.29 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.7 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.3 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.17 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.13 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.15 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.23 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.35 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.37 | |
IBM WebSphere Application Server Feature Pack for Web Services | =6.1.0.5 | |
IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.5 | |
IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.15 | |
IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.9 | |
IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.11 | |
IBM WebSphere Application Server Feature Pack for Web Services | =7.0 | |
IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.19 | |
IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.17 | |
IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.7 | |
IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.13 | |
IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.3 | |
IBM WebSphere Application Server Feature Pack for Web Services | =7.0.0.1 | |
IBM WebSphere Application Server Feature Pack for Web Services | =8.0.0.1 | |
IBM WebSphere Application Server Feature Pack for Web Services | =8.0 | |
CVE-2011-1376 is considered a moderate severity vulnerability due to the potential for local users to access sensitive files.
To fix CVE-2011-1376, it is recommended to update IBM WebSphere Application Server to the latest patched version that addresses the permissions issue.
Versions 6.1 prior to 6.1.0.43, 7.0 prior to 7.0.0.21, and 8.0 prior to 8.0.0.2 are affected by CVE-2011-1376.
Yes, local users can exploit CVE-2011-1376 to read or modify files if they have access to the specified directories.
The consequences of CVE-2011-1376 include unauthorized access to sensitive information and potential data tampering by local users.
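An added example, not from this advisory or from IBM: a Python audit that walks the two directories named in the description and reports entries whose mode grants read or write to "other" users. It assumes the filesystem exposes POSIX mode bits for these paths, that Python 3 is available on the host, and that the WAS root is passed as an argument; the function name `audit` and the script name are hypothetical.

```python
import os
import stat
import sys

# Subdirectories named in the CVE-2011-1376 description.
AFFECTED_SUBDIRS = ("systemapps/isclite.ear", "bin/client_ffdc")


def audit(was_root):
    """Return (path, octal mode, access) for each directory or file under the
    affected subdirectories whose mode grants read or write to 'other'.
    Assumption: 'weak permissions' is modelled as the POSIX other-read and
    other-write bits; the advisory does not state the exact modes."""
    findings = []
    for sub in AFFECTED_SUBDIRS:
        top = os.path.join(was_root, *sub.split("/"))
        if not os.path.isdir(top):
            continue  # subdirectory not present under this root
        # os.walk does not descend into symlinked directories by default.
        for dirpath, _dirnames, filenames in os.walk(top):
            paths = [dirpath] + [os.path.join(dirpath, f) for f in sorted(filenames)]
            for path in paths:
                st = os.lstat(path)
                if stat.S_ISLNK(st.st_mode):
                    continue  # a link's own mode bits carry no access meaning
                access = []
                if st.st_mode & stat.S_IROTH:
                    access.append("read")
                if st.st_mode & stat.S_IWOTH:
                    access.append("write")
                if access:
                    mode = oct(stat.S_IMODE(st.st_mode))
                    findings.append((path, mode, "+".join(access)))
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_perms.py <WAS install or profile root>")
    results = audit(sys.argv[1])
    for path, mode, access in results:
        print(f"{mode}\t{access}\t{path}")
    sys.exit(1 if results else 0)
```

The script exits non-zero when any finding is reported, so it can gate a post-upgrade check after moving to a fixed level.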