Vulnerability Details : CVE-2016-0380
IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.
Products affected by CVE-2016-0380
- cpe:2.3:a:ibm:sterling_connect\:direct:4.1.0.0:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:sterling_connect\:direct:4.1.0.1:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:sterling_connect\:direct:4.1.0.2:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:sterling_connect\:direct:4.1.0.3:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:sterling_connect\:direct:4.1.0.4:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:sterling_connect\:direct:4.2.0.0:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:sterling_connect\:direct:4.2.0.1:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:sterling_connect\:direct:4.2.0.2:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:sterling_connect\:direct:4.2.0.3:*:*:*:*:unix:*:*
- cpe:2.3:a:ibm:sterling_connect\:direct:4.2.0.4:*:*:*:*:unix:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-0380
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-0380
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 | NIST | |
CWE ids for CVE-2016-0380
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-0380
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT14769
  IBM IT14769: TRANSFERRED FILES HAVE INCORRECT PERMISSIONS (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/92336
  IBM Sterling Connect:Direct for UNIX CVE-2016-0380 Insecure File Permissions Vulnerability (Third Party Advisory; VDB Entry)
- http://www-01.ibm.com/support/docview.wss?uid=swg21988278
  IBM Security Bulletin: IBM Sterling Connect:Direct for UNIX default file create permissions could expose sensitive information to a local user (CVE-2016-0380). (Mitigation; Patch; Vendor Advisory)