CVE-2007-2063

CVE-2007-2063 is a medium-severity vulnerability in Ssh Tectia Server with a CVSS 2.0 base score of 4.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-264.

Key facts

Description

SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.

Frequently asked questions

What is CVE-2007-2063?
SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.
How severe is CVE-2007-2063?
CVE-2007-2063 has a CVSS 2.0 base score of 4.4, rated medium severity.
Is CVE-2007-2063 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (22nd percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2007-2063?
CVE-2007-2063 primarily affects Ssh Tectia Server. In total, 4 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2007-2063?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2007-2063 published?
CVE-2007-2063 was published on 2007-04-18 and last updated on 2026-06-16.

References

Affected products (4)

More vulnerabilities in Ssh Tectia Server

All CVEs affecting Ssh Tectia Server →

Other CWE-264 (Permissions, Privileges, and Access Controls) vulnerabilities

Browse all CWE-264 (Permissions, Privileges, and Access Controls) vulnerabilities →