Lucene search

[email protected]CVE-2011-2397

HistoryDec 05, 2011 - 11:55 a.m.

CVE-2011-2397

2011-12-0511:55:06

CWE-20

[email protected]

web.nvd.nist.gov

iron mountain

connected backup

cve-2011-2397

remote code execution

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.828 High

EPSS

Percentile

98.5%

JSON

The Agent service in Iron Mountain Connected Backup 8.4 allows remote attackers to execute arbitrary code via a crafted opcode 13 request that triggers use of the LaunchCompoundFileAnalyzer class to send request data to the System.getRunTime.exec method.

Affected configurations

NVD

Node

ironmountainconnected_backupMatch8.4

CPENameOperatorVersion
ironmountain:connected_backupironmountain connected backupeq8.4

CPE	Name	Operator	Version
ironmountain:connected_backup	ironmountain connected backup	eq	8.4

References

osvdb.org/77495

www.zerodayinitiative.com/advisories/ZDI-11-339/

exchange.xforce.ibmcloud.com/vulnerabilities/71602

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.828 High

EPSS

Percentile

98.5%

JSON

Related for CVE-2011-2397

saint4 cvelist1 nvd1 zdi1 kaspersky1 checkpoint_advisories1 prion1