Описание
Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname.
Ссылки
- Exploit
- Vendor Advisory
- Vendor Advisory
- Exploit
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.2 (включая)
Одно из
cpe:2.3:a:ibm:installation_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:installation_manager:1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:installation_manager:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:installation_manager:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:installation_manager:1.3.1:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.0786
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname.
EPSS
Процентиль: 92%
0.0786
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-94