Unrated severityNVD Advisory· Published May 28, 2013· Updated Apr 29, 2026

CVE-2013-2989

Description

The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product.

Affected products

IBM/Sterling Connect\3 versions
cpe:2.3:a:ibm:sterling_connect:3.8.00:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ibm:sterling_connect:3.8.00:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:sterling_connect:4.0.00:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:sterling_connect:4.1.0.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www-01.ibm.com/support/docview.wssnvdVendor Advisory
www-01.ibm.com/support/docview.wssnvd
exchange.xforce.ibmcloud.com/vulnerabilities/84016nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000