install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm embedded websphere application server 7.0 |
||
ibm tivoli integrated portal 2.2 |
||
ibm tivoli integrated portal 2.1 |