A vulnerability was found in IBM AIX Parallel Systems Support Programs 3.1.1/3.2/3.4 (Operating System). It has been declared as problematic. This vulnerability affects some unknown processing of the component File Collection Handler. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality. CVE summarizes:

Unknown vulnerability in IBM AIX Parallel Systems Support Programs (PSSP) 3.1.1, 3.2, and 3.4 allows remote attackers to read arbitrary files from a file collection.

The weakness was disclosed 04/01/2002 as confirmed advisory (CERT.org). The advisory is shared for download at kb.cert.org. This vulnerability was named CVE-2002-1620 since 03/26/2005. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at X-Force (10671). Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Operating System

Vendor

• IBM

Name

• AIX Parallel Systems Support Programs

Version

• 3.1.1
• 3.2
• 3.4

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion