CVE-2009-1240

Опубликовано: 03 апр. 2009

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive.

Комментарий

Per: http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417

Although the Virus Prevention System technology was, at one time, incorporated into the IBM Proventia Network MFS and the Proventia Network Mail appliances, this capability was removed in Jan 2008. For this reason, this vulnerability does not apply to these product lines.

The Virus Prevention System technology is currently incorporated into Proventia Desktop. However, the Proventia Desktop product is not affected by this evasion.

No other IBM ISS products currently incorporate the Virus Prevention System technology.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:proventia_desktop_endpoint_security:*:*:*:*:*:*:*:*

cpe:2.3:a:ibm:proventia_network_mail_security_system:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:network_multi-function_security:*:*:*:*:*:*:*:*

cpe:2.3:h:ibm:proventia_network_mail_security_system_virtual_appliance:*:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00919

Низкий

10 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-77p4-xq4m-gmp5

github

почти 4 года назад