CVE-2018-1903 - OpenCVE

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Sterling Connect\

Configuration 1 [-]

OR	cpe:2.3:a:ibm:sterling_connect\:direct:4.2.0:::::unix::
	cpe:2.3:a:ibm:sterling_connect\:direct:4.3.0:::::unix::
	cpe:2.3:a:ibm:sterling_connect\:direct:6.0.0:::::unix::

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=ibm10875386	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/152532	Vendor Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2019-04-01T00:00:00

Updated: 2019-04-10T14:30:27

Reserved: 2017-12-13T00:00:00

Link: CVE-2018-1903

JSON object: View

NVD Information

Status : Modified

Published: 2019-04-10T15:29:00.250

Modified: 2019-10-09T23:39:19.133

Link: CVE-2018-1903

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Sterling Connect:Direct for UNIX", "vendor": "IBM", "versions": [{"status": "affected", "version": "4.2.0"}, {"status": "affected", "version": "4.3.0"}, {"status": "affected", "version": "6.0.0"}]}], "datePublic": "2019-04-01T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.8, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/C:H/UI:N/AC:L/AV:L/I:H/A:H/S:U/PR:H/E:U/RL:O/RC:C", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Gain Privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-10T14:30:27", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875386"}, {"name": "ibm-sterling-cve20181903-priv-escalation (152532)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152532"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-04-01T00:00:00", "ID": "CVE-2018-1903", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Sterling Connect:Direct for UNIX", "version": {"version_data": [{"version_value": "4.2.0"}, {"version_value": "4.3.0"}, {"version_value": "6.0.0"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532."}]}, "impact": {"cvssv3": {"BM": {"A": "H", "AC": "L", "AV": "L", "C": "H", "I": "H", "PR": "H", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Gain Privileges"}]}]}, "references": {"reference_data": [{"name": "http://www.ibm.com/support/docview.wss?uid=ibm10875386", "refsource": "CONFIRM", "title": "IBM Security Bulletin 875386 (Sterling Connect:Direct for UNIX)", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875386"}, {"name": "ibm-sterling-cve20181903-priv-escalation (152532)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152532"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1903", "datePublished": "2019-04-01T00:00:00", "dateReserved": "2017-12-13T00:00:00", "dateUpdated": "2019-04-10T14:30:27", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_connect\\:direct:4.2.0:*:*:*:*:unix:*:*", "matchCriteriaId": "30BE94F1-F851-4BE9-BDE3-7B2DBB7719F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect\\:direct:4.3.0:*:*:*:*:unix:*:*", "matchCriteriaId": "DE4B0D2D-2A5C-44C5-9FFC-CB4381C5D471", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:sterling_connect\\:direct:6.0.0:*:*:*:*:unix:*:*", "matchCriteriaId": "9B61850E-CD46-4CB1-8853-A5B1EF6FA5F4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532."}, {"lang": "es", "value": "IBM Sterling Connect: Direct para UNIX versi\u00f3n 4.2.0,versi\u00f3n 4.3.0 y versi\u00f3n 6.0.0 podr\u00eda permitir a un usuario con acceso sudo restringido en un sistema manipular CD UNIX para obtener acceso completo sudo. ID de IBM X-Force: 152532."}], "id": "CVE-2018-1903", "lastModified": "2019-10-09T23:39:19.133", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2019-04-10T15:29:00.250", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10875386"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152532"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}