Lucene search
MitreCVE-2011-1391HistoryDec 23, 2011 - 10:55 p.m.
CVE-2011-1391
2011-12-2322:55:00
CWE-94
mitre
web.nvd.nist.gov
39
cve-2011-1391
blueberry flashback
bb flashback
ibm rational rhapsody
arbitrary code execution
activex control
vulnerability
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.5
Confidence
Low
EPSS
0.43
Percentile
97.4%
The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the InsertMarker method, which allows remote attackers to execute arbitrary code via unspecified vectors.
Affected configurations
Node
.bbsoftwarebb_flashback
ibmrational_rhapsodyRange≤7.6.0.1
ORibmrational_rhapsodyMatch7.5
ORibmrational_rhapsodyMatch7.5.0.1
ORibmrational_rhapsodyMatch7.5.1
ORibmrational_rhapsodyMatch7.5.1.1
ORibmrational_rhapsodyMatch7.5.2
ORibmrational_rhapsodyMatch7.5.2.1
ORibmrational_rhapsodyMatch7.5.3
ORibmrational_rhapsodyMatch7.5.3.1
ORibmrational_rhapsodyMatch7.5.3.2
ORibmrational_rhapsodyMatch7.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| .bbsoftware | bb_flashback | * | cpe:2.3:a:.bbsoftware:bb_flashback:*:*:*:*:*:*:*:* |
| ibm | rational_rhapsody | * | cpe:2.3:a:ibm:rational_rhapsody:*:*:*:*:*:*:*:* |
| ibm | rational_rhapsody | 7.5 | cpe:2.3:a:ibm:rational_rhapsody:7.5:*:*:*:*:*:*:* |
| ibm | rational_rhapsody | 7.5.0.1 | cpe:2.3:a:ibm:rational_rhapsody:7.5.0.1:*:*:*:*:*:*:* |
| ibm | rational_rhapsody | 7.5.1 | cpe:2.3:a:ibm:rational_rhapsody:7.5.1:*:*:*:*:*:*:* |
| ibm | rational_rhapsody | 7.5.1.1 | cpe:2.3:a:ibm:rational_rhapsody:7.5.1.1:*:*:*:*:*:*:* |
| ibm | rational_rhapsody | 7.5.2 | cpe:2.3:a:ibm:rational_rhapsody:7.5.2:*:*:*:*:*:*:* |
| ibm | rational_rhapsody | 7.5.2.1 | cpe:2.3:a:ibm:rational_rhapsody:7.5.2.1:*:*:*:*:*:*:* |
| ibm | rational_rhapsody | 7.5.3 | cpe:2.3:a:ibm:rational_rhapsody:7.5.3:*:*:*:*:*:*:* |
| ibm | rational_rhapsody | 7.5.3.1 | cpe:2.3:a:ibm:rational_rhapsody:7.5.3.1:*:*:*:*:*:*:* |
Related
zdi
zdi
cvelist
cvelist
CVE-2011-1391
2011-12-23 22:00:00
prion
prion
Design/Logic Flaw
2011-12-23 22:55:00
securityvulns
securityvulns
ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability
2012-02-13 00:00:00
IBM ActiveX multiple security vulnerabilities
2012-02-13 00:00:00
nvd
nvd
CVE-2011-1391
2011-12-23 22:55:00
openvas
openvas
ibm
ibm
nessus
nessus
Blueberry FlashBack SDK 'BB FlashBack Recorder.dll' Remote Code Execution
2012-01-30 00:00:00
MS 2647518: Update Rollup for ActiveX Kill Bits (2647518)
2012-03-13 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.5
Confidence
Low
EPSS
0.43
Percentile
97.4%
Related for CVE-2011-1391