Total vulnerabilities in the database
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.
| Software | From | Fixed in |
|---|---|---|
| ibm / embedded_websphere_application_server | 7.0 | 7.0.x |
| ibm / tivoli_integrated_portal | 2.1 | 2.1.x |
| ibm / tivoli_integrated_portal | 2.2 | 2.2.x |