CVE Vulnerabilities

CVE-2016-0380

Published: Aug 08, 2016 | Modified: Jun 25, 2020
CVSS 3.x
3.3
LOW
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.

Affected Software

Name Vendor Start Version End Version
Sterling_connect:direct Ibm 4.1.0.0 4.1.0.0
Sterling_connect:direct Ibm 4.1.0.1 4.1.0.1
Sterling_connect:direct Ibm 4.1.0.3 4.1.0.3
Sterling_connect:direct Ibm 4.1.0.4 4.1.0.4
Sterling_connect:direct Ibm 4.2.0.0 4.2.0.0
Sterling_connect:direct Ibm 4.2.0.1 4.2.0.1
Sterling_connect:direct Ibm 4.2.0.2 4.2.0.2
Sterling_connect:direct Ibm 4.2.0.3 4.2.0.3
Sterling_connect:direct Ibm 4.2.0.4 4.2.0.4
Sterling_connect:direct Ibm 4.1.0.2 4.1.0.2

References