CVE-2015-1947

EUVD-2015-2052
Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.4 HIGH
LOCAL
HIGH
NONE
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
ibminfosphere_biginsights
3.0.0.0
ibminfosphere_biginsights
3.0.0.1
ibminfosphere_biginsights
3.0.0.2
ibminfosphere_biginsights
4.0.0.0
𝑥
= Vulnerable software versions
References
http://www-01.ibm.com/support/docview.wss?uid=swg21967131
http://www-304.ibm.com/support/docview.wss?uid=swg21970376
http://www.securityfocus.com/bid/79693
http://www.securitytracker.com/id/1034537
http://www.securitytracker.com/id/1034562
http://www-01.ibm.com/support/docview.wss?uid=swg21967131
http://www-304.ibm.com/support/docview.wss?uid=swg21970376
http://www.securityfocus.com/bid/79693
http://www.securitytracker.com/id/1034537
http://www.securitytracker.com/id/1034562