Lucene search
MitreCVE-2009-3518HistoryOct 01, 2009 - 3:30 p.m.
CVE-2009-3518
2009-10-0115:30:00
CWE-94
mitre
web.nvd.nist.gov
26
ibm
ibmim.exe
argument injection vulnerability
remote attackers
dll files
nvd
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.7
Confidence
Low
EPSS
0.019
Percentile
88.7%
Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname.
Affected configurations
Node
ibminstallation_managerRange≤1.3.2
ORibminstallation_managerMatch1.0
ORibminstallation_managerMatch1.2.1
ORibminstallation_managerMatch1.3.0
ORibminstallation_managerMatch1.3.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | installation_manager | * | cpe:2.3:a:ibm:installation_manager:*:*:*:*:*:*:*:* |
| ibm | installation_manager | 1.0 | cpe:2.3:a:ibm:installation_manager:1.0:*:*:*:*:*:*:* |
| ibm | installation_manager | 1.2.1 | cpe:2.3:a:ibm:installation_manager:1.2.1:*:*:*:*:*:*:* |
| ibm | installation_manager | 1.3.0 | cpe:2.3:a:ibm:installation_manager:1.3.0:*:*:*:*:*:*:* |
| ibm | installation_manager | 1.3.1 | cpe:2.3:a:ibm:installation_manager:1.3.1:*:*:*:*:*:*:* |
Related
saint
saint
IBM Installation Manager iim URI Handling Code Execution
2009-10-16 00:00:00
IBM Installation Manager iim URI Handling Code Execution
2009-10-16 00:00:00
IBM Installation Manager iim URI Handling Code Execution
2009-10-16 00:00:00
prion
prion
Design/Logic Flaw
2009-10-01 15:30:00
cvelist
cvelist
CVE-2009-3518
2009-10-01 15:00:00
openvas
openvas
nvd
nvd
CVE-2009-3518
2009-10-01 15:30:00
exploitdb
exploitdb
IBM Installation Manager 1.3.0 - 'iim://' URI handler
2009-09-29 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.7
Confidence
Low
EPSS
0.019
Percentile
88.7%
Related for CVE-2009-3518