Lucene search

MitreCVE-2009-0880

HistoryMar 12, 2009 - 3:20 p.m.

CVE-2009-0880

2009-03-1215:20:49

CWE-22

mitre

web.nvd.nist.gov

ibm director

cve-2009-0880

directory traversal

cim server

windows

vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.405

Percentile

97.3%

JSON

Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a … (dot dot) in a /CIMListener/ URI in an M-POST request.

Affected configurations

Nvd

Node

ibmdirectorRange≤5.20.3service_update_1

ibmdirectorMatch3.1.1

ibmdirectorMatch4.10

ibmdirectorMatch4.11

ibmdirectorMatch4.12

ibmdirectorMatch4.20

ibmdirectorMatch4.21

ibmdirectorMatch4.22

ibmdirectorMatch5.10.0

ibmdirectorMatch5.10.1

ibmdirectorMatch5.10.2

ibmdirectorMatch5.10.3

ibmdirectorMatch5.20.0

ibmdirectorMatch5.20.1

ibmdirectorMatch5.20.2

AND

microsoftwindows

VendorProductVersionCPE
ibmdirector*cpe:2.3:a:ibm:director:*:service_update_1:*:*:*:*:*:*
ibmdirector3.1.1cpe:2.3:a:ibm:director:3.1.1:*:*:*:*:*:*:*
ibmdirector4.10cpe:2.3:a:ibm:director:4.10:*:*:*:*:*:*:*
ibmdirector4.11cpe:2.3:a:ibm:director:4.11:*:*:*:*:*:*:*
ibmdirector4.12cpe:2.3:a:ibm:director:4.12:*:*:*:*:*:*:*
ibmdirector4.20cpe:2.3:a:ibm:director:4.20:*:*:*:*:*:*:*
ibmdirector4.21cpe:2.3:a:ibm:director:4.21:*:*:*:*:*:*:*
ibmdirector4.22cpe:2.3:a:ibm:director:4.22:*:*:*:*:*:*:*
ibmdirector5.10.0cpe:2.3:a:ibm:director:5.10.0:*:*:*:*:*:*:*
ibmdirector5.10.1cpe:2.3:a:ibm:director:5.10.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	director	*	cpe:2.3:a:ibm:director::service_update_1::::::*
ibm	director	3.1.1	cpe:2.3:a:ibm:director:3.1.1:::::::*
ibm	director	4.10	cpe:2.3:a:ibm:director:4.10:::::::*
ibm	director	4.11	cpe:2.3:a:ibm:director:4.11:::::::*
ibm	director	4.12	cpe:2.3:a:ibm:director:4.12:::::::*
ibm	director	4.20	cpe:2.3:a:ibm:director:4.20:::::::*
ibm	director	4.21	cpe:2.3:a:ibm:director:4.21:::::::*
ibm	director	4.22	cpe:2.3:a:ibm:director:4.22:::::::*
ibm	director	5.10.0	cpe:2.3:a:ibm:director:5.10.0:::::::*
ibm	director	5.10.1	cpe:2.3:a:ibm:director:5.10.1:::::::*