CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
88.7%
Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | installation_manager | * | cpe:2.3:a:ibm:installation_manager:*:*:*:*:*:*:*:* |
ibm | installation_manager | 1.0 | cpe:2.3:a:ibm:installation_manager:1.0:*:*:*:*:*:*:* |
ibm | installation_manager | 1.2.1 | cpe:2.3:a:ibm:installation_manager:1.2.1:*:*:*:*:*:*:* |
ibm | installation_manager | 1.3.0 | cpe:2.3:a:ibm:installation_manager:1.3.0:*:*:*:*:*:*:* |
ibm | installation_manager | 1.3.1 | cpe:2.3:a:ibm:installation_manager:1.3.1:*:*:*:*:*:*:* |