World-writable permissions in install.sh in eWAS 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2

World-writable permissions in install.sh in eWAS 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2

CVE-2014-3020 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.

Learn more about our Cis Benchmark Audit For Ibm I.