Vulnerability Details : CVE-2014-0899
ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands.
Exploit prediction scoring system (EPSS) score for CVE-2014-0899
Probability of exploitation activity in the next 30 days: 0.18%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 55 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-0899
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2014-0899
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0899
-
http://www.ibm.com/support/docview.wss?uid=isg1IV51420
IBM IV51420: VERSIONED 5.2 WPAR IS OVER-PRIVILEGEDVendor Advisory
-
http://www.ibm.com/support/docview.wss?uid=isg1IV51421
IBM IV51421: VERSIONED 5.2 WPAR IS OVER-PRIVILEGED
-
http://aix.software.ibm.com/aix/efixes/security/wparcre_advisory.asc
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/91396
IBM AIX unauthorized file access CVE-2014-0899 Vulnerability Report
Products affected by CVE-2014-0899
- cpe:2.3:o:ibm:aix:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:7.1.2:*:*:*:*:*:*:*