CVE-2014-3038CVE-2014-3038

Affected configuration(s):

cpe:/a:ibm:spss_modeler:16.0.0.0

Date published: 2014-06-08T19:55:02.507-04:00

Date last modified: 2017-08-28T21:34:36.453-04:00

CVSS Score: 3.6

Principal attack vector: LOCAL

Complexity:  LOW

Reference URL: http://www-01.ibm.com/support/docview.wss?uid=swg21675043

Summary: IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop group privileges, which allows local users to bypass intended file-access restrictions by leveraging (1) gid 0 or (2) root’s group memberships.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *