CVE-2014-3020 - Vulnerability Details - OpenCVE

install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Embedded Websphere Application Server Tivoli Integrated Portal

Configuration 1 [-]

OR	cpe:2.3:a:ibm:embedded_websphere_application_server:7.0:::::::*
	cpe:2.3:a:ibm:tivoli_integrated_portal:2.1:::::::*
	cpe:2.3:a:ibm:tivoli_integrated_portal:2.2:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/59687
http://secunia.com/advisories/59795
http://secunia.com/advisories/60552
http://www-01.ibm.com/support/docview.wss?uid=swg21679952
http://www-01.ibm.com/support/docview.wss?uid=swg21680254
http://www-01.ibm.com/support/docview.wss?uid=swg21680841
http://www.securityfocus.com/bid/69034
https://exchange.xforce.ibmcloud.com/vulnerabilities/93056

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2014-07-29T20:00:00

Updated: 2024-08-06T10:28:46.352Z

Reserved: 2014-04-29T00:00:00

Link: CVE-2014-3020

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-07-29T20:55:08.053

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-3020

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-24T00:00:00", "descriptions": [{"lang": "en", "value": "install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "59687", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59687"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680841"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679952"}, {"name": "69034", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/69034"}, {"name": "ibm-tip-ewas-cve20143020-install(93056)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93056"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680254"}, {"name": "60552", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60552"}, {"name": "59795", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59795"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-3020", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "59687", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59687"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680841", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680841"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679952", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679952"}, {"name": "69034", "refsource": "BID", "url": "http://www.securityfocus.com/bid/69034"}, {"name": "ibm-tip-ewas-cve20143020-install(93056)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93056"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680254", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680254"}, {"name": "60552", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60552"}, {"name": "59795", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59795"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:28:46.352Z"}, "title": "CVE Program Container", "references": [{"name": "59687", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59687"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680841"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679952"}, {"name": "69034", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/69034"}, {"name": "ibm-tip-ewas-cve20143020-install(93056)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93056"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680254"}, {"name": "60552", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60552"}, {"name": "59795", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59795"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-3020", "datePublished": "2014-07-29T20:00:00", "dateReserved": "2014-04-29T00:00:00", "dateUpdated": "2024-08-06T10:28:46.352Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:embedded_websphere_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "264368E3-B7DD-40D5-BC93-CBEA1FACAD1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_integrated_portal:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF0A022A-FD88-4B25-83DF-72E9E8A56E6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_integrated_portal:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5971B076-A868-4DDA-B5BD-F345E282597F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program."}, {"lang": "es", "value": "install.sh en Embedded WebSphere Application Server (eWAS) 7.0 anterior a FP33 en IBM Tivoli Integrated Portal (TIP) 2.1 y 2.2 configura permisos de lectura universal para el \u00e1rbol de directorio installRoot, lo que permite a usuarios locales ganar privilegios a trav\u00e9s de un programa de caballo de troya."}], "id": "CVE-2014-3020", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-29T20:55:08.053", "references": [{"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59687"}, {"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/59795"}, {"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/60552"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679952"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680254"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680841"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/69034"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59687"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59795"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60552"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680254"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680841"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69034"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93056"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}